@node9/proxy 1.11.0 → 1.11.2

package/dist/cli.js

@@ -168,8 +168,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path41 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path41}: ${issue.message}`;
+    const path43 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path43}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -842,9 +842,8 @@ var init_config = __esm({
               {
                 field: "command",
                 op: "matches",
-                // Require the recursive flag to be preceded by whitespace so that
-                // filenames containing "-r" (e.g. "ai-review.yml") don't false-positive.
-                value: "rm\\b.*\\s(-[rRfF]*[rR][rRfF]*|--recursive)(\\s|$)"
+                // Anchor rm as a shell command (not inside a string arg like a git commit message).
+                value: "(^|&&|\\|\\||;)\\s*rm\\b[^;&|]*\\s(-[rRfF]*[rR][rRfF]*|--recursive)(\\s|$)"
               },
               {
                 field: "command",
@@ -873,6 +872,13 @@ var init_config = __esm({
             name: "review-drop-truncate-shell",
             tool: "bash",
             conditions: [
+              {
+                field: "command",
+                op: "matches",
+                // Require a DB CLI in the command so grep/cat/echo of SQL strings don't trigger.
+                value: "(^|&&|\\|\\||;|\\|)\\s*(psql|mysql|sqlite3|sqlplus|cockroach|clickhouse-client|mongo)\\b",
+                flags: "i"
+              },
               {
                 field: "command",
                 op: "matches",
@@ -893,7 +899,9 @@ var init_config = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "\\bgit\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
+                // Anchor git as a shell command so node -e / python -c scripts containing
+                // "git push --force" as a string don't false-positive.
+                value: "(^|&&|\\|\\||;)\\s*git\\s+push[^;&|]*(--force|--force-with-lease|-f\\b)",
                 flags: "i"
               }
             ],
@@ -903,29 +911,20 @@ var init_config = __esm({
             description: "The AI wants to force push to a remote git branch. This rewrites shared history and can permanently destroy commits that teammates have already pulled."
           },
           {
-            name: "review-git-push",
+            name: "review-git-destructive",
             tool: "bash",
             conditions: [
               {
                 field: "command",
                 op: "matches",
-                value: "\\bgit\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
+                value: "\\bgit\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase\\b|tag\\s+-d|branch\\s+-[dD])",
                 flags: "i"
-              }
-            ],
-            conditionMode: "all",
-            verdict: "review",
-            reason: "git push sends changes to a shared remote",
-            description: "The AI wants to push commits to a remote repository. Once pushed, those changes are visible to everyone with access."
-          },
-          {
-            name: "review-git-destructive",
-            tool: "bash",
-            conditions: [
+              },
               {
                 field: "command",
-                op: "matches",
-                value: "\\bgit\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
+                op: "notMatches",
+                // Exclude recovery ops — these resolve a conflict, not start a destructive action.
+                value: "\\bgit\\s+rebase\\s+--(abort|continue|skip)\\b",
                 flags: "i"
               }
             ],
@@ -951,7 +950,9 @@ var init_config = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "(curl|wget)[^|]*\\|\\s*(ba|z|da|fi|c|k)?sh",
+                // Anchor curl/wget as a shell command so node -e scripts testing this
+                // regex pattern don't self-match as a false positive.
+                value: "(^|&&|\\|\\||;)\\s*(curl|wget)[^|]*\\|\\s*(ba|z|da|fi|c|k)?sh",
                 flags: "i"
               }
             ],
@@ -1173,6 +1174,20 @@ function scanArgs(args, depth = 0, fieldPath = "args") {
   }
   return null;
 }
+function scanText(text) {
+  const t = text.length > MAX_STRING_BYTES ? text.slice(0, MAX_STRING_BYTES) : text;
+  for (const pattern of DLP_PATTERNS) {
+    if (pattern.regex.test(t)) {
+      return {
+        patternName: pattern.name,
+        fieldPath: "response-text",
+        redactedSample: maskSecret(t, pattern.regex),
+        severity: pattern.severity
+      };
+    }
+  }
+  return null;
+}
 var import_fs4, import_path4, DLP_PATTERNS, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES;
 var init_dlp = __esm({
   "src/dlp.ts"() {
@@ -1204,7 +1219,7 @@ var init_dlp = __esm({
         regex: /_authToken\s*=\s*[A-Za-z0-9_\-]{20,}/,
         severity: "block"
       },
-      { name: "Bearer Token", regex: /Bearer\s+[a-zA-Z0-9\-._~+/]+=*/i, severity: "review" }
+      { name: "Bearer Token", regex: /Bearer\s+[a-zA-Z0-9\-._~+/]{20,}=*/i, severity: "review" }
     ];
     SENSITIVE_PATH_PATTERNS = [
       /[/\\]\.ssh[/\\]/i,
@@ -1767,9 +1782,21 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path41) {
+function getNestedValue(obj, path43) {
   if (!obj || typeof obj !== "object") return null;
-  return path41.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path43.split(".").reduce((prev, curr) => prev?.[curr], obj);
+}
+function stripStringArguments(cmd) {
+  let result = cmd;
+  result = result.replace(
+    /\b(node|python3?|ruby|perl|php|deno)\s+(-[ecr]|eval)\s+("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')/gi,
+    '$1 $2 ""'
+  );
+  result = result.replace(
+    /\s(-m|--message|--body|--title|--description)\s+("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')/g,
+    ' $1 ""'
+  );
+  return result;
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -1788,7 +1815,8 @@ function evaluateSmartConditions(args, rule) {
   const mode = rule.conditionMode ?? "all";
   const results = rule.conditions.map((cond) => {
     const rawVal = getNestedValue(args, cond.field);
-    const val = rawVal !== null && rawVal !== void 0 ? String(rawVal).replace(/\s+/g, " ").trim() : null;
+    const normalized = rawVal !== null && rawVal !== void 0 ? String(rawVal).replace(/\s+/g, " ").trim() : null;
+    const val = cond.field === "command" && normalized !== null ? stripStringArguments(normalized) : normalized;
     switch (cond.op) {
       case "exists":
         return val !== null && val !== "";
@@ -2897,13 +2925,30 @@ ${smartTruncate(str, 500)}`
   }
   return { intent: "EXEC", message: smartTruncate(JSON.stringify(parsed), 200) };
 }
+function sendDesktopNotification(title, body) {
+  if (isTestEnv()) return;
+  try {
+    if (process.platform === "darwin") {
+      const esc = (s) => s.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+      const script = `display notification "${esc(body)}" with title "${esc(title)}"`;
+      (0, import_child_process2.spawn)("osascript", ["-e", script], { detached: true, stdio: "ignore" }).unref();
+    } else if (process.platform === "linux") {
+      (0, import_child_process2.spawn)("notify-send", [title, body, "--icon=dialog-warning"], {
+        detached: true,
+        stdio: "ignore"
+      }).unref();
+    }
+  } catch {
+  }
+}
 function escapePango(text) {
   return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
 function buildPlainMessage(toolName, formattedArgs, agent, explainableLabel, locked, allowCount = 1, ruleDescription) {
   const lines = [];
   if (locked) lines.push("\u26A0\uFE0F  LOCKED BY ADMIN POLICY\n");
-  lines.push(`\u{1F916} ${agent || "AI Agent"}  |  \u{1F527} ${toolName}`);
+  const safeAgent = (agent ?? "AI Agent").replace(/\x1b(?:\[[0-9;?]*[a-zA-Z]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-_])/g, "").slice(0, 80);
+  lines.push(`\u{1F916} ${safeAgent}  |  \u{1F527} ${toolName}`);
   lines.push(`\u{1F6E1}\uFE0F  ${explainableLabel || "Security Policy"}`);
   if (ruleDescription) lines.push(`\u2139  ${ruleDescription}`);
   lines.push("");
@@ -3290,7 +3335,16 @@ async function authorizeHeadless(toolName, args, meta, options) {
   if (!options?.calledFromDaemon) {
     const actId = (0, import_crypto4.randomUUID)();
     const actTs = Date.now();
-    await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
+    await notifyActivity({
+      id: actId,
+      ts: actTs,
+      tool: toolName,
+      args,
+      status: "pending",
+      // Strip ANSI escape sequences — agent name comes from caller-supplied metadata
+      // and may be displayed in a terminal (node9 tail/watch), enabling injection.
+      agent: meta?.agent ? meta.agent.replace(/\x1b(?:\[[0-9;?]*[a-zA-Z]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-_])/g, "").slice(0, 80) : void 0
+    });
     const result = await _authorizeHeadlessCore(toolName, args, meta, {
       ...options,
       activityId: actId
@@ -6007,7 +6061,8 @@ function startActivitySocket() {
             ts: data.ts,
             tool: data.tool,
             args: redactArgs(data.args),
-            status: "pending"
+            status: "pending",
+            agent: data.agent
           });
         } else {
           if (data.status === "allow") {
@@ -6471,10 +6526,161 @@ var init_sync = __esm({
   }
 });
 
+// src/daemon/dlp-scanner.ts
+function loadIndex() {
+  try {
+    return JSON.parse(import_fs18.default.readFileSync(INDEX_FILE, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function saveIndex(index) {
+  try {
+    import_fs18.default.writeFileSync(INDEX_FILE, JSON.stringify(index), { encoding: "utf-8", mode: 384 });
+  } catch {
+  }
+}
+function appendAuditEntry(entry) {
+  try {
+    import_fs18.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+  } catch {
+  }
+}
+function runDlpScan() {
+  if (!import_fs18.default.existsSync(PROJECTS_DIR)) return;
+  const index = loadIndex();
+  let updated = false;
+  let projDirs;
+  try {
+    projDirs = import_fs18.default.readdirSync(PROJECTS_DIR);
+  } catch {
+    return;
+  }
+  for (const proj of projDirs) {
+    const projPath = import_path21.default.join(PROJECTS_DIR, proj);
+    try {
+      if (!import_fs18.default.lstatSync(projPath).isDirectory()) continue;
+      const real = import_fs18.default.realpathSync(projPath);
+      if (!real.startsWith(PROJECTS_DIR + import_path21.default.sep) && real !== PROJECTS_DIR) continue;
+    } catch {
+      continue;
+    }
+    let files;
+    try {
+      files = import_fs18.default.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    } catch {
+      continue;
+    }
+    for (const file of files) {
+      const filePath = import_path21.default.join(projPath, file);
+      const lastOffset = index[filePath] ?? 0;
+      let size;
+      try {
+        size = import_fs18.default.statSync(filePath).size;
+      } catch {
+        continue;
+      }
+      if (size <= lastOffset) continue;
+      let fd;
+      try {
+        fd = import_fs18.default.openSync(filePath, "r");
+      } catch {
+        continue;
+      }
+      try {
+        const chunkSize = size - lastOffset;
+        const buf = Buffer.alloc(chunkSize);
+        import_fs18.default.readSync(fd, buf, 0, chunkSize, lastOffset);
+        const chunk = buf.toString("utf-8");
+        for (const line of chunk.split("\n")) {
+          if (!line.trim()) continue;
+          let entry;
+          try {
+            entry = JSON.parse(line);
+          } catch {
+            continue;
+          }
+          if (entry.type !== "assistant") continue;
+          const content = entry.message?.content;
+          if (!Array.isArray(content)) continue;
+          for (const block of content) {
+            if (typeof block !== "object" || block === null || block.type !== "text")
+              continue;
+            const text = block.text;
+            if (typeof text !== "string") continue;
+            const match = scanText(text);
+            if (!match) continue;
+            const projLabel = decodeURIComponent(proj).replace(import_os16.default.homedir(), "~").slice(0, 40);
+            const ts = entry.timestamp ?? (/* @__PURE__ */ new Date()).toISOString();
+            appendAuditEntry({
+              ts,
+              tool: "response-text",
+              decision: "dlp",
+              checkedBy: "response-dlp",
+              source: "response-dlp",
+              dlpPattern: match.patternName,
+              dlpSample: match.redactedSample,
+              project: projLabel
+            });
+            sendDesktopNotification(
+              "\u26A0\uFE0F node9 DLP Alert",
+              `${match.patternName} found in Claude response
+Sample: ${match.redactedSample}
+Project: ${projLabel}
+Run: node9 report --period 30d`
+            );
+          }
+        }
+        index[filePath] = size;
+        updated = true;
+      } finally {
+        try {
+          import_fs18.default.closeSync(fd);
+        } catch {
+        }
+      }
+    }
+  }
+  if (updated) saveIndex(index);
+}
+function startDlpScanner() {
+  setImmediate(() => {
+    try {
+      runDlpScan();
+    } catch {
+    }
+  });
+  const timer = setInterval(
+    () => {
+      try {
+        runDlpScan();
+      } catch {
+      }
+    },
+    60 * 60 * 1e3
+  );
+  timer.unref();
+}
+var import_fs18, import_path21, import_os16, INDEX_FILE, PROJECTS_DIR;
+var init_dlp_scanner = __esm({
+  "src/daemon/dlp-scanner.ts"() {
+    "use strict";
+    import_fs18 = __toESM(require("fs"));
+    import_path21 = __toESM(require("path"));
+    import_os16 = __toESM(require("os"));
+    init_dlp();
+    init_native();
+    init_state2();
+    INDEX_FILE = import_path21.default.join(import_os16.default.homedir(), ".node9", "dlp-index.json");
+    PROJECTS_DIR = import_path21.default.join(import_os16.default.homedir(), ".claude", "projects");
+  }
+});
+
 // src/daemon/server.ts
 function startDaemon() {
   startCostSync();
   startCloudSync();
+  startDlpScanner();
   loadInsightCounts();
   const csrfToken = (0, import_crypto7.randomUUID)();
   const internalToken = (0, import_crypto7.randomUUID)();
@@ -6490,7 +6696,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          import_fs18.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs19.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -6653,7 +6859,7 @@ data: ${JSON.stringify(item.data)}
             status: "pending"
           });
         }
-        const projectCwd = typeof cwd === "string" && import_path21.default.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && import_path22.default.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -7044,8 +7250,8 @@ data: ${JSON.stringify(item.data)}
         const body = await readBody(req);
         const data = body ? JSON.parse(body) : {};
         const configPath = data.configPath ?? GLOBAL_CONFIG_PATH;
-        const node9Dir = import_path21.default.dirname(GLOBAL_CONFIG_PATH);
-        if (!import_path21.default.resolve(configPath).startsWith(node9Dir + import_path21.default.sep)) {
+        const node9Dir = import_path22.default.dirname(GLOBAL_CONFIG_PATH);
+        if (!import_path22.default.resolve(configPath).startsWith(node9Dir + import_path22.default.sep)) {
           res.writeHead(400, { "Content-Type": "application/json" });
           return res.end(
             JSON.stringify({ error: "configPath must be within the node9 config directory" })
@@ -7156,14 +7362,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (import_fs18.default.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(import_fs18.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (import_fs19.default.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(import_fs19.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          import_fs18.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs19.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT, DAEMON_HOST);
@@ -7222,13 +7428,13 @@ data: ${JSON.stringify(item.data)}
   }
   startActivitySocket();
 }
-var import_http, import_fs18, import_path21, import_crypto7, import_child_process4, import_chalk2;
+var import_http, import_fs19, import_path22, import_crypto7, import_child_process4, import_chalk2;
 var init_server = __esm({
   "src/daemon/server.ts"() {
     "use strict";
     import_http = __toESM(require("http"));
-    import_fs18 = __toESM(require("fs"));
-    import_path21 = __toESM(require("path"));
+    import_fs19 = __toESM(require("fs"));
+    import_path22 = __toESM(require("path"));
     import_crypto7 = require("crypto");
     import_child_process4 = require("child_process");
     import_chalk2 = __toESM(require("chalk"));
@@ -7241,6 +7447,7 @@ var init_server = __esm({
     init_config_schema();
     init_costSync();
     init_sync();
+    init_dlp_scanner();
   }
 });
 
@@ -7248,8 +7455,8 @@ var init_server = __esm({
 function resolveNode9Binary() {
   try {
     const script = process.argv[1];
-    if (typeof script === "string" && import_path22.default.isAbsolute(script) && import_fs19.default.existsSync(script)) {
-      return import_fs19.default.realpathSync(script);
+    if (typeof script === "string" && import_path23.default.isAbsolute(script) && import_fs20.default.existsSync(script)) {
+      return import_fs20.default.realpathSync(script);
     }
   } catch {
   }
@@ -7267,11 +7474,11 @@ function xmlEscape(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
 }
 function launchdPlist(binaryPath) {
-  const logDir = import_path22.default.join(import_os16.default.homedir(), ".node9");
+  const logDir = import_path23.default.join(import_os17.default.homedir(), ".node9");
   const nodePath = xmlEscape(process.execPath);
   const scriptPath = xmlEscape(binaryPath);
-  const outLog = xmlEscape(import_path22.default.join(logDir, "daemon.log"));
-  const errLog = xmlEscape(import_path22.default.join(logDir, "daemon-error.log"));
+  const outLog = xmlEscape(import_path23.default.join(logDir, "daemon.log"));
+  const errLog = xmlEscape(import_path23.default.join(logDir, "daemon-error.log"));
   return `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -7306,9 +7513,9 @@ function launchdPlist(binaryPath) {
 `;
 }
 function installLaunchd(binaryPath) {
-  const dir = import_path22.default.dirname(LAUNCHD_PLIST);
-  if (!import_fs19.default.existsSync(dir)) import_fs19.default.mkdirSync(dir, { recursive: true });
-  import_fs19.default.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
+  const dir = import_path23.default.dirname(LAUNCHD_PLIST);
+  if (!import_fs20.default.existsSync(dir)) import_fs20.default.mkdirSync(dir, { recursive: true });
+  import_fs20.default.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
   (0, import_child_process5.spawnSync)("launchctl", ["unload", LAUNCHD_PLIST], { encoding: "utf8" });
   const r = (0, import_child_process5.spawnSync)("launchctl", ["load", "-w", LAUNCHD_PLIST], {
     encoding: "utf8",
@@ -7319,13 +7526,13 @@ function installLaunchd(binaryPath) {
   }
 }
 function uninstallLaunchd() {
-  if (import_fs19.default.existsSync(LAUNCHD_PLIST)) {
+  if (import_fs20.default.existsSync(LAUNCHD_PLIST)) {
     (0, import_child_process5.spawnSync)("launchctl", ["unload", "-w", LAUNCHD_PLIST], { encoding: "utf8", timeout: 5e3 });
-    import_fs19.default.unlinkSync(LAUNCHD_PLIST);
+    import_fs20.default.unlinkSync(LAUNCHD_PLIST);
   }
 }
 function isLaunchdInstalled() {
-  return import_fs19.default.existsSync(LAUNCHD_PLIST);
+  return import_fs20.default.existsSync(LAUNCHD_PLIST);
 }
 function systemdUnit(binaryPath) {
   return `[Unit]
@@ -7345,12 +7552,12 @@ WantedBy=default.target
 `;
 }
 function installSystemd(binaryPath) {
-  if (!import_fs19.default.existsSync(SYSTEMD_UNIT_DIR)) {
-    import_fs19.default.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
+  if (!import_fs20.default.existsSync(SYSTEMD_UNIT_DIR)) {
+    import_fs20.default.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
   }
-  import_fs19.default.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
+  import_fs20.default.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
   try {
-    (0, import_child_process5.execFileSync)("loginctl", ["enable-linger", import_os16.default.userInfo().username], { timeout: 3e3 });
+    (0, import_child_process5.execFileSync)("loginctl", ["enable-linger", import_os17.default.userInfo().username], { timeout: 3e3 });
   } catch {
   }
   const reload = (0, import_child_process5.spawnSync)("systemctl", ["--user", "daemon-reload"], {
@@ -7370,23 +7577,23 @@ function installSystemd(binaryPath) {
   }
 }
 function uninstallSystemd() {
-  if (import_fs19.default.existsSync(SYSTEMD_UNIT)) {
+  if (import_fs20.default.existsSync(SYSTEMD_UNIT)) {
     (0, import_child_process5.spawnSync)("systemctl", ["--user", "disable", "--now", "node9-daemon"], {
       encoding: "utf8",
       timeout: 5e3
     });
     (0, import_child_process5.spawnSync)("systemctl", ["--user", "daemon-reload"], { encoding: "utf8", timeout: 5e3 });
-    import_fs19.default.unlinkSync(SYSTEMD_UNIT);
+    import_fs20.default.unlinkSync(SYSTEMD_UNIT);
   }
 }
 function isSystemdInstalled() {
-  return import_fs19.default.existsSync(SYSTEMD_UNIT);
+  return import_fs20.default.existsSync(SYSTEMD_UNIT);
 }
 function stopRunningDaemon() {
-  const pidFile = import_path22.default.join(import_os16.default.homedir(), ".node9", "daemon.pid");
-  if (!import_fs19.default.existsSync(pidFile)) return;
+  const pidFile = import_path23.default.join(import_os17.default.homedir(), ".node9", "daemon.pid");
+  if (!import_fs20.default.existsSync(pidFile)) return;
   try {
-    const data = JSON.parse(import_fs19.default.readFileSync(pidFile, "utf-8"));
+    const data = JSON.parse(import_fs20.default.readFileSync(pidFile, "utf-8"));
     const pid = data.pid;
     const MAX_PID2 = 4194304;
     if (typeof pid === "number" && Number.isInteger(pid) && pid > 0 && pid <= MAX_PID2) {
@@ -7406,7 +7613,7 @@ function stopRunningDaemon() {
       }
     }
     try {
-      import_fs19.default.unlinkSync(pidFile);
+      import_fs20.default.unlinkSync(pidFile);
     } catch {
     }
   } catch {
@@ -7476,26 +7683,26 @@ function isDaemonServiceInstalled() {
   if (process.platform === "linux") return isSystemdInstalled();
   return false;
 }
-var import_fs19, import_path22, import_os16, import_child_process5, LAUNCHD_LABEL, LAUNCHD_PLIST, SYSTEMD_UNIT_DIR, SYSTEMD_UNIT;
+var import_fs20, import_path23, import_os17, import_child_process5, LAUNCHD_LABEL, LAUNCHD_PLIST, SYSTEMD_UNIT_DIR, SYSTEMD_UNIT;
 var init_service = __esm({
   "src/daemon/service.ts"() {
     "use strict";
-    import_fs19 = __toESM(require("fs"));
-    import_path22 = __toESM(require("path"));
-    import_os16 = __toESM(require("os"));
+    import_fs20 = __toESM(require("fs"));
+    import_path23 = __toESM(require("path"));
+    import_os17 = __toESM(require("os"));
     import_child_process5 = require("child_process");
     LAUNCHD_LABEL = "ai.node9.daemon";
-    LAUNCHD_PLIST = import_path22.default.join(import_os16.default.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
-    SYSTEMD_UNIT_DIR = import_path22.default.join(import_os16.default.homedir(), ".config", "systemd", "user");
-    SYSTEMD_UNIT = import_path22.default.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
+    LAUNCHD_PLIST = import_path23.default.join(import_os17.default.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
+    SYSTEMD_UNIT_DIR = import_path23.default.join(import_os17.default.homedir(), ".config", "systemd", "user");
+    SYSTEMD_UNIT = import_path23.default.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
   }
 });
 
 // src/daemon/index.ts
 function stopDaemon() {
-  if (!import_fs20.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk3.default.yellow("Not running."));
+  if (!import_fs21.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk3.default.yellow("Not running."));
   try {
-    const data = JSON.parse(import_fs20.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const data = JSON.parse(import_fs21.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
     const pid = data.pid;
     if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
       console.log(import_chalk3.default.gray("Cleaned up invalid PID file."));
@@ -7507,7 +7714,7 @@ function stopDaemon() {
     console.log(import_chalk3.default.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      import_fs20.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs21.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
@@ -7516,9 +7723,9 @@ function daemonStatus() {
   const serviceInstalled = isDaemonServiceInstalled();
   const serviceLabel = serviceInstalled ? import_chalk3.default.green("installed (starts on login)") : import_chalk3.default.yellow("not installed \u2014 run: node9 daemon install");
   let processStatus;
-  if (import_fs20.default.existsSync(DAEMON_PID_FILE)) {
+  if (import_fs21.default.existsSync(DAEMON_PID_FILE)) {
     try {
-      const data = JSON.parse(import_fs20.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const data = JSON.parse(import_fs21.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
       const pid = data.pid;
       const port = data.port;
       if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
@@ -7548,11 +7755,11 @@ function daemonStatus() {
   console.log(`  Service : ${serviceLabel}
 `);
 }
-var import_fs20, import_chalk3, import_child_process6, MAX_PID;
+var import_fs21, import_chalk3, import_child_process6, MAX_PID;
 var init_daemon2 = __esm({
   "src/daemon/index.ts"() {
     "use strict";
-    import_fs20 = __toESM(require("fs"));
+    import_fs21 = __toESM(require("fs"));
     import_chalk3 = __toESM(require("chalk"));
     import_child_process6 = require("child_process");
     init_server();
@@ -7576,6 +7783,74 @@ function getIcon(tool) {
   }
   return "\u{1F6E0}\uFE0F";
 }
+function getModelContextLimit(model) {
+  const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
+  for (const [key, limit] of Object.entries(MODEL_CONTEXT_LIMITS)) {
+    if (base.startsWith(key)) return limit;
+  }
+  return 2e5;
+}
+function readSessionUsage() {
+  const projectsDir = import_path40.default.join(import_os33.default.homedir(), ".claude", "projects");
+  if (!import_fs37.default.existsSync(projectsDir)) return null;
+  let latestFile = null;
+  let latestMtime = 0;
+  try {
+    for (const dir of import_fs37.default.readdirSync(projectsDir)) {
+      const dirPath = import_path40.default.join(projectsDir, dir);
+      try {
+        if (!import_fs37.default.statSync(dirPath).isDirectory()) continue;
+        for (const file of import_fs37.default.readdirSync(dirPath)) {
+          if (!file.endsWith(".jsonl") || file.startsWith("agent-")) continue;
+          const filePath = import_path40.default.join(dirPath, file);
+          try {
+            const mtime = import_fs37.default.statSync(filePath).mtimeMs;
+            if (mtime > latestMtime) {
+              latestMtime = mtime;
+              latestFile = filePath;
+            }
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+  } catch {
+  }
+  if (!latestFile) return null;
+  try {
+    const lines = import_fs37.default.readFileSync(latestFile, "utf-8").split("\n");
+    let lastModel = "";
+    let lastInput = 0;
+    let lastOutput = 0;
+    for (const line of lines) {
+      if (!line.trim()) continue;
+      try {
+        const entry = JSON.parse(line);
+        if (entry.type !== "assistant" || !entry.message?.usage) continue;
+        const u = entry.message.usage;
+        lastInput = (u.input_tokens ?? 0) + (u.cache_read_input_tokens ?? 0) + (u.cache_creation_input_tokens ?? 0);
+        lastOutput = u.output_tokens ?? 0;
+        if (entry.message.model) lastModel = entry.message.model;
+      } catch {
+      }
+    }
+    if (!lastModel || lastInput === 0) return null;
+    const limit = getModelContextLimit(lastModel);
+    const fillPct = Math.round(lastInput / limit * 100);
+    return { inputTokens: lastInput, outputTokens: lastOutput, model: lastModel, fillPct };
+  } catch {
+    return null;
+  }
+}
+function formatContextStat(stat) {
+  const pctColor = stat.fillPct >= 80 ? import_chalk25.default.red : stat.fillPct >= 50 ? import_chalk25.default.yellow : import_chalk25.default.cyan;
+  const k = (n) => `${Math.round(n / 1e3)}k`;
+  const modelShort = stat.model.replace(/@.*$/, "").replace(/-\d{8}$/, "").replace(/^claude-/, "");
+  return import_chalk25.default.dim("ctx: ") + pctColor(`${stat.fillPct}%`) + import_chalk25.default.dim(
+    ` (${k(stat.inputTokens)}/${k(getModelContextLimit(stat.model))}  out ${k(stat.outputTokens)}  \xB7 ${modelShort})`
+  );
+}
 function visibleLength(s) {
   return s.replace(/\x1B\[[0-9;]*m/g, "").length;
 }
@@ -7585,26 +7860,31 @@ function wrappedLineCount(text) {
   const len = visibleLength(text);
   return Math.max(1, Math.ceil(len / cols));
 }
+function agentLabel(agent) {
+  if (!agent || agent === "Terminal") return "";
+  const short = agent === "Claude Code" ? "Claude" : agent === "Gemini CLI" ? "Gemini" : agent === "Unknown Agent" ? "" : agent.split(" ")[0];
+  return short ? import_chalk25.default.dim(`[${short}] `) : "";
+}
 function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(import_os31.default.homedir(), "~");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(import_os33.default.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
-  return `${import_chalk24.default.gray(time)} ${icon} ${import_chalk24.default.white.bold(toolName)} ${import_chalk24.default.dim(argsPreview)}`;
+  return `${import_chalk25.default.gray(time)} ${icon} ${agentLabel(activity.agent)}${import_chalk25.default.white.bold(toolName)} ${import_chalk25.default.dim(argsPreview)}`;
 }
 function renderResult(activity, result) {
   const base = formatBase(activity);
   let status;
   if (result.status === "allow") {
-    status = import_chalk24.default.green("\u2713 ALLOW");
+    status = import_chalk25.default.green("\u2713 ALLOW");
   } else if (result.status === "dlp") {
-    status = import_chalk24.default.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
+    status = import_chalk25.default.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
   } else {
-    status = import_chalk24.default.red("\u2717 BLOCK");
+    status = import_chalk25.default.red("\u2717 BLOCK");
   }
   const cost = result.costEstimate ?? activity.costEstimate;
-  const costSuffix = cost == null ? "" : import_chalk24.default.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
+  const costSuffix = cost == null ? "" : import_chalk25.default.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
   if (process.stdout.isTTY) {
     if (pendingShownForId === activity.id && pendingWrappedLines > 1) {
       import_readline5.default.moveCursor(process.stdout, 0, -(pendingWrappedLines - 1));
@@ -7621,19 +7901,19 @@ function renderResult(activity, result) {
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
-  const line = `${formatBase(activity)}  ${import_chalk24.default.yellow("\u25CF \u2026")}`;
+  const line = `${formatBase(activity)}  ${import_chalk25.default.yellow("\u25CF \u2026")}`;
   pendingShownForId = activity.id;
   pendingWrappedLines = wrappedLineCount(line);
   process.stdout.write(`${line}\r`);
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (import_fs35.default.existsSync(PID_FILE)) {
+  if (import_fs37.default.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(import_fs35.default.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(import_fs37.default.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
-      console.error(import_chalk24.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
+      console.error(import_chalk25.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
     }
   }
   const checkPort = pidPort ?? DAEMON_PORT;
@@ -7644,7 +7924,7 @@ async function ensureDaemon() {
     if (res.ok) return checkPort;
   } catch {
   }
-  console.log(import_chalk24.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
+  console.log(import_chalk25.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
   const child = (0, import_child_process15.spawn)(process.execPath, [process.argv[1], "daemon"], {
     detached: true,
     stdio: "ignore",
@@ -7661,7 +7941,7 @@ async function ensureDaemon() {
     } catch {
     }
   }
-  console.error(import_chalk24.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+  console.error(import_chalk25.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
   process.exit(1);
 }
 function postDecisionHttp(id, decision, csrfToken, port, opts) {
@@ -7727,10 +8007,11 @@ function buildCardLines(req, localCount = 0) {
   const severityIcon = isBlock ? `${RED}\u{1F6D1}` : `${YELLOW}\u26A0 `;
   const rawDesc = req.riskMetadata?.ruleDescription ?? "";
   const description = rawDesc ? cleanReason(rawDesc) : "";
+  const agentSuffix = req.agent && req.agent !== "Terminal" ? ` ${RESET2}${import_chalk25.default.dim(`(${req.agent})`)}` : "";
   const lines = [
     ``,
     `${BOLD2}${CYAN}\u2554\u2550\u2550 Node9 Approval Required \u2550\u2550\u2557${RESET2}`,
-    `${CYAN}\u2551${RESET2} Tool:    ${BOLD2}${req.toolName}${RESET2}`,
+    `${CYAN}\u2551${RESET2} Tool:    ${BOLD2}${req.toolName}${RESET2}${agentSuffix}`,
     `${CYAN}\u2551${RESET2} Policy:  ${severityIcon} ${blockedBy}${RESET2}`
   ];
   if (description) {
@@ -7782,9 +8063,9 @@ function buildRecoveryCardLines(req) {
   ];
 }
 function readApproversFromDisk() {
-  const configPath = import_path38.default.join(import_os31.default.homedir(), ".node9", "config.json");
+  const configPath = import_path40.default.join(import_os33.default.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(import_fs35.default.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(import_fs37.default.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     return settings.approvers ?? {};
   } catch {
@@ -7795,20 +8076,20 @@ function approverStatusLine() {
   const a = readApproversFromDisk();
   const fmt = (label, key) => {
     const on = a[key] !== false;
-    return `[${key[0]}]${label.slice(1)} ${on ? import_chalk24.default.green("\u2713") : import_chalk24.default.dim("\u2717")}`;
+    return `[${key[0]}]${label.slice(1)} ${on ? import_chalk25.default.green("\u2713") : import_chalk25.default.dim("\u2717")}`;
   };
   return `${fmt("native", "native")}  ${fmt("browser", "browser")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
 }
 function toggleApprover(channel) {
-  const configPath = import_path38.default.join(import_os31.default.homedir(), ".node9", "config.json");
+  const configPath = import_path40.default.join(import_os33.default.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(import_fs35.default.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(import_fs37.default.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     const approvers = settings.approvers ?? {};
     approvers[channel] = approvers[channel] === false;
     settings.approvers = approvers;
     raw.settings = settings;
-    import_fs35.default.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+    import_fs37.default.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
   } catch (err2) {
     process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
 `);
@@ -7840,7 +8121,7 @@ async function startTail(options = {}) {
       req2.end();
     });
     if (result.ok) {
-      console.log(import_chalk24.default.green("\u2713 Flight Recorder buffer cleared."));
+      console.log(import_chalk25.default.green("\u2713 Flight Recorder buffer cleared."));
     } else if (result.code === "ECONNREFUSED") {
       throw new Error("Daemon is not running. Start it with: node9 daemon start");
     } else if (result.code === "ETIMEDOUT") {
@@ -7884,7 +8165,7 @@ async function startTail(options = {}) {
       const channel = name === "n" ? "native" : name === "b" ? "browser" : name === "c" ? "cloud" : name === "t" ? "terminal" : null;
       if (channel) {
         toggleApprover(channel);
-        console.log(import_chalk24.default.dim(`  Approvers: ${approverStatusLine()}`));
+        console.log(import_chalk25.default.dim(`  Approvers: ${approverStatusLine()}`));
       }
     };
     process.stdin.on("keypress", idleKeypressHandler);
@@ -7950,7 +8231,7 @@ async function startTail(options = {}) {
           localAllowCounts.get(req2.toolName) ?? 0
         )
       );
-      const decisionStamp = action === "always-allow" ? import_chalk24.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk24.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk24.default.green("\u2713 ALLOWED") : action === "redirect" ? import_chalk24.default.yellow("\u21A9 REDIRECT AI") : import_chalk24.default.red("\u2717 DENIED");
+      const decisionStamp = action === "always-allow" ? import_chalk25.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk25.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk25.default.green("\u2713 ALLOWED") : action === "redirect" ? import_chalk25.default.yellow("\u21A9 REDIRECT AI") : import_chalk25.default.red("\u2717 DENIED");
       stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${decisionStamp} ${GRAY}(terminal)${RESET2}`, ``);
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
@@ -7978,8 +8259,8 @@ async function startTail(options = {}) {
       }
       postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err2) => {
         try {
-          import_fs35.default.appendFileSync(
-            import_path38.default.join(import_os31.default.homedir(), ".node9", "hook-debug.log"),
+          import_fs37.default.appendFileSync(
+            import_path40.default.join(import_os33.default.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err2)}
 `
           );
@@ -8001,7 +8282,7 @@ async function startTail(options = {}) {
       );
       const stampedLines = buildCardLines(req2, priorCount);
       if (externalDecision) {
-        const source = externalDecision === "allow" ? import_chalk24.default.green("\u2713 ALLOWED") : import_chalk24.default.red("\u2717 DENIED");
+        const source = externalDecision === "allow" ? import_chalk25.default.green("\u2713 ALLOWED") : import_chalk25.default.red("\u2717 DENIED");
         stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${source} ${GRAY}(external)${RESET2}`, ``);
       }
       for (const line of stampedLines) process.stdout.write(line + "\n");
@@ -8060,16 +8341,31 @@ async function startTail(options = {}) {
     }
   } catch {
   }
-  console.log(import_chalk24.default.cyan.bold(`
-\u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk24.default.dim(`\u2192 ${dashboardUrl}`));
+  const auditLog = import_path40.default.join(import_os33.default.homedir(), ".node9", "audit.log");
+  try {
+    const unackedDlp = import_fs37.default.readFileSync(auditLog, "utf-8").split("\n").filter((l) => l.includes('"response-dlp"')).length;
+    if (unackedDlp > 0) {
+      console.log("");
+      console.log(
+        import_chalk25.default.bgRed.white.bold(
+          ` \u26A0\uFE0F  DLP ALERT: ${unackedDlp} secret${unackedDlp !== 1 ? "s" : ""} found in Claude response text \u2014 run: node9 dlp `
+        )
+      );
+    }
+  } catch {
+  }
+  console.log(import_chalk25.default.cyan.bold(`
+\u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk25.default.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
-    console.log(import_chalk24.default.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
-    console.log(import_chalk24.default.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
+    console.log(import_chalk25.default.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
+    console.log(import_chalk25.default.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
   }
+  const ctxStat = readSessionUsage();
+  if (ctxStat) console.log("  " + formatContextStat(ctxStat));
   if (options.history) {
-    console.log(import_chalk24.default.dim("Showing history + live events.\n"));
+    console.log(import_chalk25.default.dim("Showing history + live events.\n"));
   } else {
-    console.log(import_chalk24.default.dim("Showing live events only. Use --history to include past.\n"));
+    console.log(import_chalk25.default.dim("Showing live events only. Use --history to include past.\n"));
   }
   process.on("SIGINT", () => {
     exitIdleMode();
@@ -8079,13 +8375,13 @@ async function startTail(options = {}) {
       import_readline5.default.clearLine(process.stdout, 0);
       import_readline5.default.cursorTo(process.stdout, 0);
     }
-    console.log(import_chalk24.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
+    console.log(import_chalk25.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
     process.exit(0);
   });
   const sseUrl = `http://127.0.0.1:${port}/events?capabilities=input`;
   const req = import_http2.default.get(sseUrl, (res) => {
     if (res.statusCode !== 200) {
-      console.error(import_chalk24.default.red(`Failed to connect: HTTP ${res.statusCode}`));
+      console.error(import_chalk25.default.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
     if (canApprove) enterIdleMode();
@@ -8116,7 +8412,7 @@ async function startTail(options = {}) {
         import_readline5.default.clearLine(process.stdout, 0);
         import_readline5.default.cursorTo(process.stdout, 0);
       }
-      console.log(import_chalk24.default.red("\n\u274C Daemon disconnected."));
+      console.log(import_chalk25.default.red("\n\u274C Daemon disconnected."));
       process.exit(1);
     });
   });
@@ -8208,9 +8504,9 @@ async function startTail(options = {}) {
       const hash = data.hash ?? "";
       const summary = data.argsSummary ?? data.tool;
       const fileCount = data.fileCount ?? 0;
-      const files = fileCount > 0 ? import_chalk24.default.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
+      const files = fileCount > 0 ? import_chalk25.default.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
       process.stdout.write(
-        `${import_chalk24.default.dim(time)}  ${import_chalk24.default.cyan("\u{1F4F8} snapshot")}  ${import_chalk24.default.dim(hash)}  ${summary}${files}
+        `${import_chalk25.default.dim(time)}  ${import_chalk25.default.cyan("\u{1F4F8} snapshot")}  ${import_chalk25.default.dim(hash)}  ${summary}${files}
 `
       );
       return;
@@ -8227,26 +8523,26 @@ async function startTail(options = {}) {
   }
   req.on("error", (err2) => {
     const msg = err2.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err2.message;
-    console.error(import_chalk24.default.red(`
+    console.error(import_chalk25.default.red(`
 \u274C ${msg}`));
     process.exit(1);
   });
 }
-var import_http2, import_chalk24, import_fs35, import_os31, import_path38, import_readline5, import_child_process15, PID_FILE, ICONS, RESET2, BOLD2, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, pendingShownForId, pendingWrappedLines, DIVIDER;
+var import_http2, import_chalk25, import_fs37, import_os33, import_path40, import_readline5, import_child_process15, PID_FILE, ICONS, MODEL_CONTEXT_LIMITS, RESET2, BOLD2, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, pendingShownForId, pendingWrappedLines, DIVIDER;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     import_http2 = __toESM(require("http"));
-    import_chalk24 = __toESM(require("chalk"));
-    import_fs35 = __toESM(require("fs"));
-    import_os31 = __toESM(require("os"));
-    import_path38 = __toESM(require("path"));
+    import_chalk25 = __toESM(require("chalk"));
+    import_fs37 = __toESM(require("fs"));
+    import_os33 = __toESM(require("os"));
+    import_path40 = __toESM(require("path"));
     import_readline5 = __toESM(require("readline"));
     import_child_process15 = require("child_process");
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = import_path38.default.join(import_os31.default.homedir(), ".node9", "daemon.pid");
+    PID_FILE = import_path40.default.join(import_os33.default.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -8264,6 +8560,13 @@ var init_tail = __esm({
       delete: "\u{1F5D1}\uFE0F",
       web: "\u{1F310}"
     };
+    MODEL_CONTEXT_LIMITS = {
+      "claude-opus-4": 2e5,
+      "claude-sonnet-4": 2e5,
+      "claude-haiku-4": 2e5,
+      "claude-3-7": 2e5,
+      "claude-3-5": 2e5
+    };
     RESET2 = "\x1B[0m";
     BOLD2 = "\x1B[1m";
     RED = "\x1B[31m";
@@ -8361,9 +8664,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!import_fs36.default.existsSync(filePath)) return null;
+  if (!import_fs38.default.existsSync(filePath)) return null;
   try {
-    return JSON.parse(import_fs36.default.readFileSync(filePath, "utf-8"));
+    return JSON.parse(import_fs38.default.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -8384,12 +8687,12 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!import_fs36.default.existsSync(rulesDir)) return 0;
+  if (!import_fs38.default.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of import_fs36.default.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of import_fs38.default.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
-        count += countRulesInDir(import_path39.default.join(rulesDir, entry.name));
+        count += countRulesInDir(import_path41.default.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
         count++;
       }
@@ -8400,46 +8703,46 @@ function countRulesInDir(rulesDir) {
 }
 function isSamePath(a, b) {
   try {
-    return import_path39.default.resolve(a) === import_path39.default.resolve(b);
+    return import_path41.default.resolve(a) === import_path41.default.resolve(b);
   } catch {
     return false;
   }
 }
 function countConfigs(cwd) {
-  const homeDir2 = import_os32.default.homedir();
-  const claudeDir = import_path39.default.join(homeDir2, ".claude");
+  const homeDir2 = import_os34.default.homedir();
+  const claudeDir = import_path41.default.join(homeDir2, ".claude");
   let claudeMdCount = 0;
   let rulesCount = 0;
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (import_fs36.default.existsSync(import_path39.default.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
-  rulesCount += countRulesInDir(import_path39.default.join(claudeDir, "rules"));
-  const userSettings = import_path39.default.join(claudeDir, "settings.json");
+  if (import_fs38.default.existsSync(import_path41.default.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(import_path41.default.join(claudeDir, "rules"));
+  const userSettings = import_path41.default.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
   hooksCount += countHooksInFile(userSettings);
-  const userClaudeJson = import_path39.default.join(homeDir2, ".claude.json");
+  const userClaudeJson = import_path41.default.join(homeDir2, ".claude.json");
   for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
   for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (import_fs36.default.existsSync(import_path39.default.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (import_fs36.default.existsSync(import_path39.default.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
-    const projectClaudeDir = import_path39.default.join(cwd, ".claude");
+    if (import_fs38.default.existsSync(import_path41.default.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (import_fs38.default.existsSync(import_path41.default.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = import_path41.default.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (import_fs36.default.existsSync(import_path39.default.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
-      rulesCount += countRulesInDir(import_path39.default.join(projectClaudeDir, "rules"));
-      const projSettings = import_path39.default.join(projectClaudeDir, "settings.json");
+      if (import_fs38.default.existsSync(import_path41.default.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(import_path41.default.join(projectClaudeDir, "rules"));
+      const projSettings = import_path41.default.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (import_fs36.default.existsSync(import_path39.default.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
-    const localSettings = import_path39.default.join(projectClaudeDir, "settings.local.json");
+    if (import_fs38.default.existsSync(import_path41.default.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = import_path41.default.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
-    const mcpJsonServers = getMcpServerNames(import_path39.default.join(cwd, ".mcp.json"));
+    const mcpJsonServers = getMcpServerNames(import_path41.default.join(cwd, ".mcp.json"));
     const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
     for (const name of disabledMcpJson) mcpJsonServers.delete(name);
     for (const name of mcpJsonServers) projectMcpServers.add(name);
@@ -8472,12 +8775,12 @@ function readActiveShieldsHud() {
     return shieldsCache.value;
   }
   try {
-    const shieldsPath = import_path39.default.join(import_os32.default.homedir(), ".node9", "shields.json");
-    if (!import_fs36.default.existsSync(shieldsPath)) {
+    const shieldsPath = import_path41.default.join(import_os34.default.homedir(), ".node9", "shields.json");
+    if (!import_fs38.default.existsSync(shieldsPath)) {
       shieldsCache = { value: [], ts: now };
       return [];
     }
-    const parsed = JSON.parse(import_fs36.default.readFileSync(shieldsPath, "utf-8"));
+    const parsed = JSON.parse(import_fs38.default.readFileSync(shieldsPath, "utf-8"));
     if (!Array.isArray(parsed.active)) {
       shieldsCache = { value: [], ts: now };
       return [];
@@ -8579,17 +8882,17 @@ function renderContextLine(stdin) {
 async function main() {
   try {
     const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
-    if (import_fs36.default.existsSync(import_path39.default.join(import_os32.default.homedir(), ".node9", "hud-debug"))) {
+    if (import_fs38.default.existsSync(import_path41.default.join(import_os34.default.homedir(), ".node9", "hud-debug"))) {
       try {
-        const logPath = import_path39.default.join(import_os32.default.homedir(), ".node9", "hud-debug.log");
+        const logPath = import_path41.default.join(import_os34.default.homedir(), ".node9", "hud-debug.log");
         const MAX_LOG_SIZE = 10 * 1024 * 1024;
         let size = 0;
         try {
-          size = import_fs36.default.statSync(logPath).size;
+          size = import_fs38.default.statSync(logPath).size;
         } catch {
         }
         if (size < MAX_LOG_SIZE) {
-          import_fs36.default.appendFileSync(
+          import_fs38.default.appendFileSync(
             logPath,
             JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), stdin }) + "\n"
           );
@@ -8610,11 +8913,11 @@ async function main() {
       try {
         const cwd = stdin.cwd ?? process.cwd();
         for (const configPath of [
-          import_path39.default.join(cwd, "node9.config.json"),
-          import_path39.default.join(import_os32.default.homedir(), ".node9", "config.json")
+          import_path41.default.join(cwd, "node9.config.json"),
+          import_path41.default.join(import_os34.default.homedir(), ".node9", "config.json")
         ]) {
-          if (!import_fs36.default.existsSync(configPath)) continue;
-          const cfg = JSON.parse(import_fs36.default.readFileSync(configPath, "utf-8"));
+          if (!import_fs38.default.existsSync(configPath)) continue;
+          const cfg = JSON.parse(import_fs38.default.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -8632,13 +8935,13 @@ async function main() {
     renderOffline();
   }
 }
-var import_fs36, import_path39, import_os32, import_http3, RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH, shieldsCache, SHIELDS_CACHE_TTL_MS;
+var import_fs38, import_path41, import_os34, import_http3, RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH, shieldsCache, SHIELDS_CACHE_TTL_MS;
 var init_hud = __esm({
   "src/cli/hud.ts"() {
     "use strict";
-    import_fs36 = __toESM(require("fs"));
-    import_path39 = __toESM(require("path"));
-    import_os32 = __toESM(require("os"));
+    import_fs38 = __toESM(require("fs"));
+    import_path41 = __toESM(require("path"));
+    import_os34 = __toESM(require("os"));
     import_http3 = __toESM(require("http"));
     init_daemon();
     RESET3 = "\x1B[0m";
@@ -9553,10 +9856,10 @@ function getAgentsStatus(homeDir2 = import_os11.default.homedir()) {
 
 // src/cli.ts
 init_daemon2();
-var import_chalk25 = __toESM(require("chalk"));
-var import_fs37 = __toESM(require("fs"));
-var import_path40 = __toESM(require("path"));
-var import_os33 = __toESM(require("os"));
+var import_chalk26 = __toESM(require("chalk"));
+var import_fs39 = __toESM(require("fs"));
+var import_path42 = __toESM(require("path"));
+var import_os35 = __toESM(require("os"));
 var import_prompts2 = require("@inquirer/prompts");
 
 // src/utils/duration.ts
@@ -9781,10 +10084,10 @@ async function autoStartDaemonAndWait() {
 
 // src/cli/commands/check.ts
 var import_chalk5 = __toESM(require("chalk"));
-var import_fs23 = __toESM(require("fs"));
+var import_fs24 = __toESM(require("fs"));
 var import_child_process10 = require("child_process");
-var import_path25 = __toESM(require("path"));
-var import_os19 = __toESM(require("os"));
+var import_path26 = __toESM(require("path"));
+var import_os20 = __toESM(require("os"));
 init_orchestrator();
 init_daemon();
 init_config();
@@ -9793,11 +10096,11 @@ init_policy();
 // src/undo.ts
 var import_child_process9 = require("child_process");
 var import_crypto8 = __toESM(require("crypto"));
-var import_fs21 = __toESM(require("fs"));
+var import_fs22 = __toESM(require("fs"));
 var import_net3 = __toESM(require("net"));
-var import_path23 = __toESM(require("path"));
-var import_os17 = __toESM(require("os"));
-var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path23.default.join(import_os17.default.tmpdir(), "node9-activity.sock");
+var import_path24 = __toESM(require("path"));
+var import_os18 = __toESM(require("os"));
+var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path24.default.join(import_os18.default.tmpdir(), "node9-activity.sock");
 function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   try {
     const payload = JSON.stringify({
@@ -9817,22 +10120,22 @@ function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   } catch {
   }
 }
-var SNAPSHOT_STACK_PATH = import_path23.default.join(import_os17.default.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = import_path23.default.join(import_os17.default.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = import_path24.default.join(import_os18.default.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = import_path24.default.join(import_os18.default.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (import_fs21.default.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(import_fs21.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (import_fs22.default.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(import_fs22.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = import_path23.default.dirname(SNAPSHOT_STACK_PATH);
-  if (!import_fs21.default.existsSync(dir)) import_fs21.default.mkdirSync(dir, { recursive: true });
-  import_fs21.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = import_path24.default.dirname(SNAPSHOT_STACK_PATH);
+  if (!import_fs22.default.existsSync(dir)) import_fs22.default.mkdirSync(dir, { recursive: true });
+  import_fs22.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function extractFilePath(args) {
   if (!args || typeof args !== "object") return null;
@@ -9852,12 +10155,12 @@ function buildArgsSummary(tool, args) {
   return "";
 }
 function findProjectRoot(filePath) {
-  let dir = import_path23.default.dirname(filePath);
+  let dir = import_path24.default.dirname(filePath);
   while (true) {
-    if (import_fs21.default.existsSync(import_path23.default.join(dir, ".git")) || import_fs21.default.existsSync(import_path23.default.join(dir, "package.json"))) {
+    if (import_fs22.default.existsSync(import_path24.default.join(dir, ".git")) || import_fs22.default.existsSync(import_path24.default.join(dir, "package.json"))) {
       return dir;
     }
-    const parent = import_path23.default.dirname(dir);
+    const parent = import_path24.default.dirname(dir);
     if (parent === dir) return process.cwd();
     dir = parent;
   }
@@ -9865,7 +10168,7 @@ function findProjectRoot(filePath) {
 function normalizeCwdForHash(cwd) {
   let normalized;
   try {
-    normalized = import_fs21.default.realpathSync(cwd);
+    normalized = import_fs22.default.realpathSync(cwd);
   } catch {
     normalized = cwd;
   }
@@ -9875,16 +10178,16 @@ function normalizeCwdForHash(cwd) {
 }
 function getShadowRepoDir(cwd) {
   const hash = import_crypto8.default.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return import_path23.default.join(import_os17.default.homedir(), ".node9", "snapshots", hash);
+  return import_path24.default.join(import_os18.default.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
-    for (const f of import_fs21.default.readdirSync(shadowDir)) {
+    for (const f of import_fs22.default.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = import_path23.default.join(shadowDir, f);
+        const fp = import_path24.default.join(shadowDir, f);
         try {
-          if (import_fs21.default.statSync(fp).mtimeMs < cutoff) import_fs21.default.unlinkSync(fp);
+          if (import_fs22.default.statSync(fp).mtimeMs < cutoff) import_fs22.default.unlinkSync(fp);
         } catch {
         }
       }
@@ -9896,7 +10199,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    import_fs21.default.writeFileSync(import_path23.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    import_fs22.default.writeFileSync(import_path24.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -9909,25 +10212,25 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = import_path23.default.join(shadowDir, "project-path.txt");
+    const ptPath = import_path24.default.join(shadowDir, "project-path.txt");
     try {
-      const stored = import_fs21.default.readFileSync(ptPath, "utf8").trim();
+      const stored = import_fs22.default.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
       if (process.env.NODE9_DEBUG === "1")
         console.error(
           `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
         );
-      import_fs21.default.rmSync(shadowDir, { recursive: true, force: true });
+      import_fs22.default.rmSync(shadowDir, { recursive: true, force: true });
     } catch {
       try {
-        import_fs21.default.writeFileSync(ptPath, normalizedCwd, "utf8");
+        import_fs22.default.writeFileSync(ptPath, normalizedCwd, "utf8");
       } catch {
       }
       return true;
     }
   }
   try {
-    import_fs21.default.mkdirSync(shadowDir, { recursive: true });
+    import_fs22.default.mkdirSync(shadowDir, { recursive: true });
   } catch {
   }
   const init = (0, import_child_process9.spawnSync)("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
@@ -9936,7 +10239,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9] git init --bare failed:", reason);
     return false;
   }
-  const configFile = import_path23.default.join(shadowDir, "config");
+  const configFile = import_path24.default.join(shadowDir, "config");
   (0, import_child_process9.spawnSync)("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
@@ -9944,7 +10247,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   try {
-    import_fs21.default.writeFileSync(import_path23.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    import_fs22.default.writeFileSync(import_path24.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
@@ -9964,12 +10267,12 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   let indexFile = null;
   try {
     const rawFilePath = extractFilePath(args);
-    const absFilePath = rawFilePath && import_path23.default.isAbsolute(rawFilePath) ? rawFilePath : null;
+    const absFilePath = rawFilePath && import_path24.default.isAbsolute(rawFilePath) ? rawFilePath : null;
     const cwd = absFilePath ? findProjectRoot(absFilePath) : process.cwd();
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = import_path23.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = import_path24.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
@@ -10041,7 +10344,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     writeStack(stack);
     const entry = stack[stack.length - 1];
     notifySnapshotTaken(commitHash.slice(0, 7), tool, entry.argsSummary, capturedFiles.length);
-    import_fs21.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    import_fs22.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
       (0, import_child_process9.spawn)("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
     }
@@ -10052,7 +10355,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   } finally {
     if (indexFile) {
       try {
-        import_fs21.default.unlinkSync(indexFile);
+        import_fs22.default.unlinkSync(indexFile);
       } catch {
       }
     }
@@ -10128,9 +10431,9 @@ function applyUndo(hash, cwd) {
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = import_path23.default.join(dir, file);
-      if (!snapshotFiles.has(file) && import_fs21.default.existsSync(fullPath)) {
-        import_fs21.default.unlinkSync(fullPath);
+      const fullPath = import_path24.default.join(dir, file);
+      if (!snapshotFiles.has(file) && import_fs22.default.existsSync(fullPath)) {
+        import_fs22.default.unlinkSync(fullPath);
       }
     }
     return true;
@@ -10140,12 +10443,12 @@ function applyUndo(hash, cwd) {
 }
 
 // src/skill-pin.ts
-var import_fs22 = __toESM(require("fs"));
-var import_path24 = __toESM(require("path"));
-var import_os18 = __toESM(require("os"));
+var import_fs23 = __toESM(require("fs"));
+var import_path25 = __toESM(require("path"));
+var import_os19 = __toESM(require("os"));
 var import_crypto9 = __toESM(require("crypto"));
 function getPinsFilePath() {
-  return import_path24.default.join(import_os18.default.homedir(), ".node9", "skill-pins.json");
+  return import_path25.default.join(import_os19.default.homedir(), ".node9", "skill-pins.json");
 }
 var MAX_FILES = 5e3;
 var MAX_TOTAL_BYTES = 50 * 1024 * 1024;
@@ -10159,18 +10462,18 @@ function walkDir(root) {
     if (out.length >= MAX_FILES) return;
     let entries;
     try {
-      entries = import_fs22.default.readdirSync(dir, { withFileTypes: true });
+      entries = import_fs23.default.readdirSync(dir, { withFileTypes: true });
     } catch {
       return;
     }
     entries.sort((a, b) => a.name.localeCompare(b.name));
     for (const entry of entries) {
       if (out.length >= MAX_FILES) return;
-      const full = import_path24.default.join(dir, entry.name);
-      const rel = relDir ? import_path24.default.posix.join(relDir, entry.name) : entry.name;
+      const full = import_path25.default.join(dir, entry.name);
+      const rel = relDir ? import_path25.default.posix.join(relDir, entry.name) : entry.name;
       let lst;
       try {
-        lst = import_fs22.default.lstatSync(full);
+        lst = import_fs23.default.lstatSync(full);
       } catch {
         continue;
       }
@@ -10182,7 +10485,7 @@ function walkDir(root) {
       if (!lst.isFile()) continue;
       if (totalBytes + lst.size > MAX_TOTAL_BYTES) continue;
       try {
-        const buf = import_fs22.default.readFileSync(full);
+        const buf = import_fs23.default.readFileSync(full);
         totalBytes += buf.length;
         out.push({ rel, hash: sha256Bytes(buf) });
       } catch {
@@ -10196,14 +10499,14 @@ function walkDir(root) {
 function hashSkillRoot(absPath) {
   let lst;
   try {
-    lst = import_fs22.default.lstatSync(absPath);
+    lst = import_fs23.default.lstatSync(absPath);
   } catch {
     return { exists: false, contentHash: "", fileCount: 0 };
   }
   if (lst.isSymbolicLink()) return { exists: false, contentHash: "", fileCount: 0 };
   if (lst.isFile()) {
     try {
-      return { exists: true, contentHash: sha256Bytes(import_fs22.default.readFileSync(absPath)), fileCount: 1 };
+      return { exists: true, contentHash: sha256Bytes(import_fs23.default.readFileSync(absPath)), fileCount: 1 };
     } catch {
       return { exists: false, contentHash: "", fileCount: 0 };
     }
@@ -10221,7 +10524,7 @@ function getRootKey(absPath) {
 function readSkillPinsSafe() {
   const filePath = getPinsFilePath();
   try {
-    const raw = import_fs22.default.readFileSync(filePath, "utf-8");
+    const raw = import_fs23.default.readFileSync(filePath, "utf-8");
     if (!raw.trim()) return { ok: false, reason: "corrupt", detail: "empty file" };
     const parsed = JSON.parse(raw);
     if (!parsed.roots || typeof parsed.roots !== "object" || Array.isArray(parsed.roots)) {
@@ -10241,10 +10544,10 @@ function readSkillPins() {
 }
 function writeSkillPins(data) {
   const filePath = getPinsFilePath();
-  import_fs22.default.mkdirSync(import_path24.default.dirname(filePath), { recursive: true });
+  import_fs23.default.mkdirSync(import_path25.default.dirname(filePath), { recursive: true });
   const tmp = `${filePath}.${import_crypto9.default.randomBytes(6).toString("hex")}.tmp`;
-  import_fs22.default.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  import_fs22.default.renameSync(tmp, filePath);
+  import_fs23.default.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  import_fs23.default.renameSync(tmp, filePath);
 }
 function removePin(rootKey) {
   const pins = readSkillPins();
@@ -10288,36 +10591,36 @@ function verifyAndPinRoots(roots) {
   return { kind: "verified" };
 }
 function defaultSkillRoots(_cwd) {
-  const marketplaces = import_path24.default.join(import_os18.default.homedir(), ".claude", "plugins", "marketplaces");
+  const marketplaces = import_path25.default.join(import_os19.default.homedir(), ".claude", "plugins", "marketplaces");
   const roots = [];
   let registries;
   try {
-    registries = import_fs22.default.readdirSync(marketplaces, { withFileTypes: true });
+    registries = import_fs23.default.readdirSync(marketplaces, { withFileTypes: true });
   } catch {
     return [];
   }
   for (const registry of registries) {
     if (!registry.isDirectory()) continue;
-    const pluginsDir = import_path24.default.join(marketplaces, registry.name, "plugins");
+    const pluginsDir = import_path25.default.join(marketplaces, registry.name, "plugins");
     let plugins;
     try {
-      plugins = import_fs22.default.readdirSync(pluginsDir, { withFileTypes: true });
+      plugins = import_fs23.default.readdirSync(pluginsDir, { withFileTypes: true });
     } catch {
       continue;
     }
     for (const plugin of plugins) {
       if (!plugin.isDirectory()) continue;
-      roots.push(import_path24.default.join(pluginsDir, plugin.name));
+      roots.push(import_path25.default.join(pluginsDir, plugin.name));
     }
   }
   return roots;
 }
 function resolveUserSkillRoot(entry, cwd) {
   if (!entry) return null;
-  if (entry.startsWith("~/") || entry === "~") return import_path24.default.join(import_os18.default.homedir(), entry.slice(1));
-  if (import_path24.default.isAbsolute(entry)) return entry;
-  if (!cwd || !import_path24.default.isAbsolute(cwd)) return null;
-  return import_path24.default.join(cwd, entry);
+  if (entry.startsWith("~/") || entry === "~") return import_path25.default.join(import_os19.default.homedir(), entry.slice(1));
+  if (import_path25.default.isAbsolute(entry)) return entry;
+  if (!cwd || !import_path25.default.isAbsolute(cwd)) return null;
+  return import_path25.default.join(cwd, entry);
 }
 
 // src/cli/commands/check.ts
@@ -10335,9 +10638,9 @@ function registerCheckCommand(program2) {
         } catch (err2) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = import_path25.default.join(import_os19.default.homedir(), ".node9", "hook-debug.log");
+            const logPath = import_path26.default.join(import_os20.default.homedir(), ".node9", "hook-debug.log");
             const errMsg = err2 instanceof Error ? err2.message : String(err2);
-            import_fs23.default.appendFileSync(
+            import_fs24.default.appendFileSync(
               logPath,
               `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -10350,11 +10653,11 @@ RAW: ${raw}
         if (config.settings.autoStartDaemon && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON) {
           try {
             const scriptPath = process.argv[1];
-            if (typeof scriptPath !== "string" || !import_path25.default.isAbsolute(scriptPath))
+            if (typeof scriptPath !== "string" || !import_path26.default.isAbsolute(scriptPath))
               throw new Error("node9: argv[1] is not an absolute path");
-            const resolvedScript = import_fs23.default.realpathSync(scriptPath);
-            const packageDist = import_fs23.default.realpathSync(import_path25.default.resolve(__dirname, "../.."));
-            if (!resolvedScript.startsWith(packageDist + import_path25.default.sep) && resolvedScript !== packageDist)
+            const resolvedScript = import_fs24.default.realpathSync(scriptPath);
+            const packageDist = import_fs24.default.realpathSync(import_path26.default.resolve(__dirname, "../.."));
+            if (!resolvedScript.startsWith(packageDist + import_path26.default.sep) && resolvedScript !== packageDist)
               throw new Error(
                 `node9: daemon spawn aborted \u2014 argv[1] (${resolvedScript}) is outside package dist (${packageDist})`
               );
@@ -10376,10 +10679,10 @@ RAW: ${raw}
             });
             d.unref();
           } catch (spawnErr) {
-            const logPath = import_path25.default.join(import_os19.default.homedir(), ".node9", "hook-debug.log");
+            const logPath = import_path26.default.join(import_os20.default.homedir(), ".node9", "hook-debug.log");
             const msg = spawnErr instanceof Error ? spawnErr.message : String(spawnErr);
             try {
-              import_fs23.default.appendFileSync(
+              import_fs24.default.appendFileSync(
                 logPath,
                 `[${(/* @__PURE__ */ new Date()).toISOString()}] daemon-autostart-failed: ${msg}
 `
@@ -10389,10 +10692,10 @@ RAW: ${raw}
           }
         }
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = import_path25.default.join(import_os19.default.homedir(), ".node9", "hook-debug.log");
-          if (!import_fs23.default.existsSync(import_path25.default.dirname(logPath)))
-            import_fs23.default.mkdirSync(import_path25.default.dirname(logPath), { recursive: true });
-          import_fs23.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+          const logPath = import_path26.default.join(import_os20.default.homedir(), ".node9", "hook-debug.log");
+          if (!import_fs24.default.existsSync(import_path26.default.dirname(logPath)))
+            import_fs24.default.mkdirSync(import_path26.default.dirname(logPath), { recursive: true });
+          import_fs24.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
         const toolName = sanitize2(payload.tool_name ?? payload.name ?? "");
@@ -10405,8 +10708,8 @@ RAW: ${raw}
           const isHumanDecision = blockedByContext.toLowerCase().includes("user") || blockedByContext.toLowerCase().includes("daemon") || blockedByContext.toLowerCase().includes("decision");
           let ttyFd = null;
           try {
-            ttyFd = import_fs23.default.openSync("/dev/tty", "w");
-            const writeTty = (line) => import_fs23.default.writeSync(ttyFd, line + "\n");
+            ttyFd = import_fs24.default.openSync("/dev/tty", "w");
+            const writeTty = (line) => import_fs24.default.writeSync(ttyFd, line + "\n");
             if (blockedByContext.includes("DLP") || blockedByContext.includes("Secret Detected") || blockedByContext.includes("Credential Review")) {
               writeTty(import_chalk5.default.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
@@ -10425,7 +10728,7 @@ RAW: ${raw}
           } finally {
             if (ttyFd !== null)
               try {
-                import_fs23.default.closeSync(ttyFd);
+                import_fs24.default.closeSync(ttyFd);
               } catch {
               }
           }
@@ -10459,17 +10762,17 @@ RAW: ${raw}
         const safeSessionId = /^[A-Za-z0-9_\-]{1,128}$/.test(rawSessionId) ? rawSessionId : "";
         if (skillPinCfg.enabled && safeSessionId) {
           try {
-            const sessionsDir = import_path25.default.join(import_os19.default.homedir(), ".node9", "skill-sessions");
-            const flagPath = import_path25.default.join(sessionsDir, `${safeSessionId}.json`);
+            const sessionsDir = import_path26.default.join(import_os20.default.homedir(), ".node9", "skill-sessions");
+            const flagPath = import_path26.default.join(sessionsDir, `${safeSessionId}.json`);
             let flag = null;
             try {
-              flag = JSON.parse(import_fs23.default.readFileSync(flagPath, "utf-8"));
+              flag = JSON.parse(import_fs24.default.readFileSync(flagPath, "utf-8"));
             } catch {
             }
             const writeFlag = (data2) => {
               try {
-                import_fs23.default.mkdirSync(sessionsDir, { recursive: true });
-                import_fs23.default.writeFileSync(
+                import_fs24.default.mkdirSync(sessionsDir, { recursive: true });
+                import_fs24.default.writeFileSync(
                   flagPath,
                   JSON.stringify({ ...data2, timestamp: (/* @__PURE__ */ new Date()).toISOString() }, null, 2),
                   { mode: 384 }
@@ -10480,8 +10783,8 @@ RAW: ${raw}
             const sendSkillWarn = (detail, recoveryCmd) => {
               let ttyFd = null;
               try {
-                ttyFd = import_fs23.default.openSync("/dev/tty", "w");
-                const w = (line) => import_fs23.default.writeSync(ttyFd, line + "\n");
+                ttyFd = import_fs24.default.openSync("/dev/tty", "w");
+                const w = (line) => import_fs24.default.writeSync(ttyFd, line + "\n");
                 w(import_chalk5.default.yellow(`
 \u26A0\uFE0F  Node9: installed skill drift detected`));
                 w(import_chalk5.default.gray(`   ${detail}`));
@@ -10496,7 +10799,7 @@ RAW: ${raw}
               } finally {
                 if (ttyFd !== null)
                   try {
-                    import_fs23.default.closeSync(ttyFd);
+                    import_fs24.default.closeSync(ttyFd);
                   } catch {
                   }
               }
@@ -10512,7 +10815,7 @@ RAW: ${raw}
               return;
             }
             if (!flag || flag.state !== "verified" && flag.state !== "warned") {
-              const absoluteCwd = typeof payload.cwd === "string" && import_path25.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+              const absoluteCwd = typeof payload.cwd === "string" && import_path26.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
               const extraRoots = skillPinCfg.roots;
               const resolvedExtra = extraRoots.map((r) => resolveUserSkillRoot(r, absoluteCwd)).filter((r) => typeof r === "string");
               const roots = [...defaultSkillRoots(absoluteCwd), ...resolvedExtra];
@@ -10553,10 +10856,10 @@ RAW: ${raw}
               }
               try {
                 const cutoff = Date.now() - 7 * 24 * 60 * 60 * 1e3;
-                for (const name of import_fs23.default.readdirSync(sessionsDir)) {
-                  const p = import_path25.default.join(sessionsDir, name);
+                for (const name of import_fs24.default.readdirSync(sessionsDir)) {
+                  const p = import_path26.default.join(sessionsDir, name);
                   try {
-                    if (import_fs23.default.statSync(p).mtimeMs < cutoff) import_fs23.default.unlinkSync(p);
+                    if (import_fs24.default.statSync(p).mtimeMs < cutoff) import_fs24.default.unlinkSync(p);
                   } catch {
                   }
                 }
@@ -10566,9 +10869,9 @@ RAW: ${raw}
           } catch (err2) {
             if (process.env.NODE9_DEBUG === "1") {
               try {
-                const dbg = import_path25.default.join(import_os19.default.homedir(), ".node9", "hook-debug.log");
+                const dbg = import_path26.default.join(import_os20.default.homedir(), ".node9", "hook-debug.log");
                 const msg = err2 instanceof Error ? err2.message : String(err2);
-                import_fs23.default.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
+                import_fs24.default.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
 `);
               } catch {
               }
@@ -10578,7 +10881,7 @@ RAW: ${raw}
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payload.cwd === "string" && import_path25.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwdForAuth = typeof payload.cwd === "string" && import_path26.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -10590,12 +10893,12 @@ RAW: ${raw}
         }
         if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && !process.stdout.isTTY && config.settings.autoStartDaemon) {
           try {
-            const tty = import_fs23.default.openSync("/dev/tty", "w");
-            import_fs23.default.writeSync(
+            const tty = import_fs24.default.openSync("/dev/tty", "w");
+            import_fs24.default.writeSync(
               tty,
               import_chalk5.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically...\n")
             );
-            import_fs23.default.closeSync(tty);
+            import_fs24.default.closeSync(tty);
           } catch {
           }
           const daemonReady = await autoStartDaemonAndWait();
@@ -10622,9 +10925,9 @@ RAW: ${raw}
         });
       } catch (err2) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = import_path25.default.join(import_os19.default.homedir(), ".node9", "hook-debug.log");
+          const logPath = import_path26.default.join(import_os20.default.homedir(), ".node9", "hook-debug.log");
           const errMsg = err2 instanceof Error ? err2.message : String(err2);
-          import_fs23.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+          import_fs24.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
         }
         process.exit(0);
@@ -10658,9 +10961,9 @@ RAW: ${raw}
 }
 
 // src/cli/commands/log.ts
-var import_fs24 = __toESM(require("fs"));
-var import_path26 = __toESM(require("path"));
-var import_os20 = __toESM(require("os"));
+var import_fs25 = __toESM(require("fs"));
+var import_path27 = __toESM(require("path"));
+var import_os21 = __toESM(require("os"));
 init_audit();
 init_config();
 init_policy();
@@ -10736,10 +11039,10 @@ function registerLogCommand(program2) {
           decision: "allowed",
           source: "post-hook"
         };
-        const logPath = import_path26.default.join(import_os20.default.homedir(), ".node9", "audit.log");
-        if (!import_fs24.default.existsSync(import_path26.default.dirname(logPath)))
-          import_fs24.default.mkdirSync(import_path26.default.dirname(logPath), { recursive: true });
-        import_fs24.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+        const logPath = import_path27.default.join(import_os21.default.homedir(), ".node9", "audit.log");
+        if (!import_fs25.default.existsSync(import_path27.default.dirname(logPath)))
+          import_fs25.default.mkdirSync(import_path27.default.dirname(logPath), { recursive: true });
+        import_fs25.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
           if (command) {
@@ -10772,7 +11075,7 @@ function registerLogCommand(program2) {
             }
           }
         }
-        const safeCwd = typeof payload.cwd === "string" && import_path26.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwd = typeof payload.cwd === "string" && import_path27.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const config = getConfig(safeCwd);
         if (shouldSnapshot(tool, {}, config)) {
           await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
@@ -10781,9 +11084,9 @@ function registerLogCommand(program2) {
         const msg = err2 instanceof Error ? err2.message : String(err2);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = import_path26.default.join(import_os20.default.homedir(), ".node9", "hook-debug.log");
+        const debugPath = import_path27.default.join(import_os21.default.homedir(), ".node9", "hook-debug.log");
         try {
-          import_fs24.default.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+          import_fs25.default.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
         } catch {
         }
@@ -11183,14 +11486,14 @@ function registerConfigShowCommand(program2) {
 
 // src/cli/commands/doctor.ts
 var import_chalk7 = __toESM(require("chalk"));
-var import_fs25 = __toESM(require("fs"));
-var import_path27 = __toESM(require("path"));
-var import_os21 = __toESM(require("os"));
+var import_fs26 = __toESM(require("fs"));
+var import_path28 = __toESM(require("path"));
+var import_os22 = __toESM(require("os"));
 var import_child_process11 = require("child_process");
 init_daemon();
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = import_os21.default.homedir();
+    const homeDir2 = import_os22.default.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(import_chalk7.default.green("  \u2705 ") + msg);
@@ -11239,10 +11542,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = import_path27.default.join(homeDir2, ".node9", "config.json");
-    if (import_fs25.default.existsSync(globalConfigPath)) {
+    const globalConfigPath = import_path28.default.join(homeDir2, ".node9", "config.json");
+    if (import_fs26.default.existsSync(globalConfigPath)) {
       try {
-        JSON.parse(import_fs25.default.readFileSync(globalConfigPath, "utf-8"));
+        JSON.parse(import_fs26.default.readFileSync(globalConfigPath, "utf-8"));
         pass("~/.node9/config.json found and valid");
       } catch {
         fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -11250,10 +11553,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = import_path27.default.join(process.cwd(), "node9.config.json");
-    if (import_fs25.default.existsSync(projectConfigPath)) {
+    const projectConfigPath = import_path28.default.join(process.cwd(), "node9.config.json");
+    if (import_fs26.default.existsSync(projectConfigPath)) {
       try {
-        JSON.parse(import_fs25.default.readFileSync(projectConfigPath, "utf-8"));
+        JSON.parse(import_fs26.default.readFileSync(projectConfigPath, "utf-8"));
         pass("node9.config.json found and valid (project)");
       } catch {
         fail(
@@ -11262,8 +11565,8 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = import_path27.default.join(homeDir2, ".node9", "credentials.json");
-    if (import_fs25.default.existsSync(credsPath)) {
+    const credsPath = import_path28.default.join(homeDir2, ".node9", "credentials.json");
+    if (import_fs26.default.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
       warn(
@@ -11272,10 +11575,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = import_path27.default.join(homeDir2, ".claude", "settings.json");
-    if (import_fs25.default.existsSync(claudeSettingsPath)) {
+    const claudeSettingsPath = import_path28.default.join(homeDir2, ".claude", "settings.json");
+    if (import_fs26.default.existsSync(claudeSettingsPath)) {
       try {
-        const cs = JSON.parse(import_fs25.default.readFileSync(claudeSettingsPath, "utf-8"));
+        const cs = JSON.parse(import_fs26.default.readFileSync(claudeSettingsPath, "utf-8"));
         const hasHook = cs.hooks?.PreToolUse?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -11291,10 +11594,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = import_path27.default.join(homeDir2, ".gemini", "settings.json");
-    if (import_fs25.default.existsSync(geminiSettingsPath)) {
+    const geminiSettingsPath = import_path28.default.join(homeDir2, ".gemini", "settings.json");
+    if (import_fs26.default.existsSync(geminiSettingsPath)) {
       try {
-        const gs = JSON.parse(import_fs25.default.readFileSync(geminiSettingsPath, "utf-8"));
+        const gs = JSON.parse(import_fs26.default.readFileSync(geminiSettingsPath, "utf-8"));
         const hasHook = gs.hooks?.BeforeTool?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -11310,10 +11613,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = import_path27.default.join(homeDir2, ".cursor", "hooks.json");
-    if (import_fs25.default.existsSync(cursorHooksPath)) {
+    const cursorHooksPath = import_path28.default.join(homeDir2, ".cursor", "hooks.json");
+    if (import_fs26.default.existsSync(cursorHooksPath)) {
       try {
-        const cur = JSON.parse(import_fs25.default.readFileSync(cursorHooksPath, "utf-8"));
+        const cur = JSON.parse(import_fs26.default.readFileSync(cursorHooksPath, "utf-8"));
         const hasHook = cur.hooks?.preToolUse?.some(
           (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
         );
@@ -11351,9 +11654,9 @@ function registerDoctorCommand(program2, version2) {
 
 // src/cli/commands/audit.ts
 var import_chalk8 = __toESM(require("chalk"));
-var import_fs26 = __toESM(require("fs"));
-var import_path28 = __toESM(require("path"));
-var import_os22 = __toESM(require("os"));
+var import_fs27 = __toESM(require("fs"));
+var import_path29 = __toESM(require("path"));
+var import_os23 = __toESM(require("os"));
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -11366,14 +11669,14 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = import_path28.default.join(import_os22.default.homedir(), ".node9", "audit.log");
-    if (!import_fs26.default.existsSync(logPath)) {
+    const logPath = import_path29.default.join(import_os23.default.homedir(), ".node9", "audit.log");
+    if (!import_fs27.default.existsSync(logPath)) {
       console.log(
         import_chalk8.default.yellow("No audit logs found. Run node9 with an agent to generate entries.")
       );
       return;
     }
-    const raw = import_fs26.default.readFileSync(logPath, "utf-8");
+    const raw = import_fs27.default.readFileSync(logPath, "utf-8");
     const lines = raw.split("\n").filter((l) => l.trim() !== "");
     let entries = lines.flatMap((line) => {
       try {
@@ -11427,9 +11730,9 @@ function registerAuditCommand(program2) {
 
 // src/cli/commands/report.ts
 var import_chalk9 = __toESM(require("chalk"));
-var import_fs27 = __toESM(require("fs"));
-var import_path29 = __toESM(require("path"));
-var import_os23 = __toESM(require("os"));
+var import_fs28 = __toESM(require("fs"));
+var import_path30 = __toESM(require("path"));
+var import_os24 = __toESM(require("os"));
 var TEST_COMMAND_RE3 = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
 function buildTestTimestamps(allEntries) {
   const testTs = /* @__PURE__ */ new Set();
@@ -11476,8 +11779,8 @@ function getDateRange(period) {
   }
 }
 function parseAuditLog(logPath) {
-  if (!import_fs27.default.existsSync(logPath)) return [];
-  const raw = import_fs27.default.readFileSync(logPath, "utf-8");
+  if (!import_fs28.default.existsSync(logPath)) return [];
+  const raw = import_fs28.default.readFileSync(logPath, "utf-8");
   return raw.split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
@@ -11544,34 +11847,38 @@ function loadClaudeCost(start, end) {
     byDay: /* @__PURE__ */ new Map(),
     byModel: /* @__PURE__ */ new Map(),
     inputTokens: 0,
+    outputTokens: 0,
+    cacheWriteTokens: 0,
     cacheReadTokens: 0
   };
-  const projectsDir = import_path29.default.join(import_os23.default.homedir(), ".claude", "projects");
-  if (!import_fs27.default.existsSync(projectsDir)) return empty;
+  const projectsDir = import_path30.default.join(import_os24.default.homedir(), ".claude", "projects");
+  if (!import_fs28.default.existsSync(projectsDir)) return empty;
   let dirs;
   try {
-    dirs = import_fs27.default.readdirSync(projectsDir);
+    dirs = import_fs28.default.readdirSync(projectsDir);
   } catch {
     return empty;
   }
   let total = 0;
   let inputTokens = 0;
+  let outputTokens = 0;
+  let cacheWriteTokens = 0;
   let cacheReadTokens = 0;
   const byDay = /* @__PURE__ */ new Map();
   const byModel = /* @__PURE__ */ new Map();
   for (const proj of dirs) {
-    const projPath = import_path29.default.join(projectsDir, proj);
+    const projPath = import_path30.default.join(projectsDir, proj);
     let files;
     try {
-      const stat = import_fs27.default.statSync(projPath);
+      const stat = import_fs28.default.statSync(projPath);
       if (!stat.isDirectory()) continue;
-      files = import_fs27.default.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+      files = import_fs28.default.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
     } catch {
       continue;
     }
     for (const file of files) {
       try {
-        const raw = import_fs27.default.readFileSync(import_path29.default.join(projPath, file), "utf-8");
+        const raw = import_fs28.default.readFileSync(import_path30.default.join(projPath, file), "utf-8");
         for (const line of raw.split("\n")) {
           if (!line.trim()) continue;
           let entry;
@@ -11596,6 +11903,8 @@ function loadClaudeCost(start, end) {
           const cost = inp * p.i + out * p.o + cw * p.cw + cr * p.cr;
           total += cost;
           inputTokens += inp;
+          outputTokens += out;
+          cacheWriteTokens += cw;
           cacheReadTokens += cr;
           const dateKey = entry.timestamp.slice(0, 10);
           byDay.set(dateKey, (byDay.get(dateKey) ?? 0) + cost);
@@ -11607,15 +11916,24 @@ function loadClaudeCost(start, end) {
       }
     }
   }
-  return { total, byDay, byModel, inputTokens, cacheReadTokens };
+  return { total, byDay, byModel, inputTokens, outputTokens, cacheWriteTokens, cacheReadTokens };
 }
 function registerReportCommand(program2) {
   program2.command("report").description("Activity and security report \u2014 what Claude did, what was blocked").option("--period <period>", "today | 7d | 30d | month", "7d").option("--no-tests", "exclude test runner calls (npm test, vitest, pytest\u2026) from stats").action((options) => {
     const period = ["today", "7d", "30d", "month"].includes(
       options.period
     ) ? options.period : "7d";
-    const logPath = import_path29.default.join(import_os23.default.homedir(), ".node9", "audit.log");
+    const logPath = import_path30.default.join(import_os24.default.homedir(), ".node9", "audit.log");
     const allEntries = parseAuditLog(logPath);
+    const unackedDlp = allEntries.filter((e) => e.source === "response-dlp");
+    if (unackedDlp.length > 0) {
+      console.log("");
+      console.log(
+        import_chalk9.default.bgRed.white.bold(
+          ` \u26A0\uFE0F  DLP ALERT: ${unackedDlp.length} secret${unackedDlp.length !== 1 ? "s" : ""} found in Claude response text `
+        ) + "  " + import_chalk9.default.yellow("\u2192 run: node9 dlp")
+      );
+    }
     if (allEntries.length === 0) {
       console.log(
         import_chalk9.default.yellow("\n  No audit data found. Run node9 with Claude Code to generate entries.\n")
@@ -11628,6 +11946,8 @@ function registerReportCommand(program2) {
       byDay: costByDay,
       byModel: costByModel,
       inputTokens: costInputTokens,
+      outputTokens: costOutputTokens,
+      cacheWriteTokens: costCacheWrite,
       cacheReadTokens: costCacheRead
     } = loadClaudeCost(start, end);
     const periodMs = end.getTime() - start.getTime();
@@ -11645,6 +11965,7 @@ function registerReportCommand(program2) {
     let filteredTestCount = 0;
     const entries = allEntries.filter((e) => {
       if (e.source === "post-hook") return false;
+      if (e.source === "response-dlp") return false;
       const ts = new Date(e.ts);
       if (ts < start || ts > end) return false;
       if (excludeTests && isTestEntry(e, testTs)) {
@@ -11778,7 +12099,7 @@ function registerReportCommand(program2) {
     if (topBlocks.length === 0) {
       console.log("  " + " ".repeat(COL) + "  " + import_chalk9.default.dim("nothing blocked \u2713"));
     }
-    if (agentMap.size > 1) {
+    if (agentMap.size >= 1) {
       console.log("");
       console.log("  " + import_chalk9.default.bold("Agents"));
       console.log("  " + import_chalk9.default.dim("\u2500".repeat(Math.min(50, W - 4))));
@@ -11828,6 +12149,40 @@ function registerReportCommand(program2) {
         );
       }
     }
+    const totalTokens = costInputTokens + costOutputTokens + costCacheWrite + costCacheRead;
+    if (totalTokens > 0) {
+      const cacheHitPct = costInputTokens + costCacheRead > 0 ? Math.round(costCacheRead / (costInputTokens + costCacheRead) * 100) : 0;
+      console.log("");
+      console.log("  " + import_chalk9.default.bold("Tokens") + "  " + import_chalk9.default.dim(`${num(totalTokens)} total`));
+      console.log("  " + import_chalk9.default.dim("\u2500".repeat(Math.min(50, W - 4))));
+      const tokenRows = [
+        ["Input", costInputTokens, import_chalk9.default.cyan(num(costInputTokens))],
+        ["Output", costOutputTokens, import_chalk9.default.white(num(costOutputTokens))],
+        ["Cache write", costCacheWrite, import_chalk9.default.yellow(num(costCacheWrite))],
+        ["Cache read", costCacheRead, import_chalk9.default.green(num(costCacheRead))]
+      ];
+      const maxTok = Math.max(
+        costInputTokens,
+        costOutputTokens,
+        costCacheWrite,
+        costCacheRead,
+        1
+      );
+      const TOK_BAR = Math.max(6, Math.min(20, W - 30));
+      const TOK_LABEL = 14;
+      for (const [label, count, colored] of tokenRows) {
+        if (count === 0) continue;
+        const b = colorBar(count, maxTok, TOK_BAR);
+        console.log("  " + import_chalk9.default.white(label.padEnd(TOK_LABEL)) + b + "  " + colored);
+      }
+      if (cacheHitPct > 0) {
+        console.log(
+          "  " + import_chalk9.default.dim(
+            `Cache hit rate: ${cacheHitPct}%  (saves ~${fmtCost(costCacheRead * 27e-7)} vs fresh input)`
+          )
+        );
+      }
+    }
     if (costUSD > 0) {
       const periodDays = Math.max(1, Math.ceil((end.getTime() - start.getTime()) / 864e5));
       const avgPerDay = costUSD / periodDays;
@@ -11852,6 +12207,33 @@ function registerReportCommand(program2) {
         );
       }
     }
+    const responseDlpEntries = allEntries.filter((e) => {
+      if (e.source !== "response-dlp") return false;
+      const ts = new Date(e.ts);
+      return ts >= start && ts <= end;
+    });
+    if (responseDlpEntries.length > 0) {
+      console.log("");
+      console.log(
+        "  " + import_chalk9.default.red.bold("\u26A0\uFE0F  Response DLP") + import_chalk9.default.dim("  \xB7  ") + import_chalk9.default.red(
+          `${responseDlpEntries.length} secret${responseDlpEntries.length !== 1 ? "s" : ""} found in Claude response text`
+        )
+      );
+      console.log("  " + import_chalk9.default.dim("\u2500".repeat(Math.min(60, W - 4))));
+      console.log(
+        "  " + import_chalk9.default.yellow("These were NOT blocked \u2014 Claude included them in response prose.")
+      );
+      console.log("  " + import_chalk9.default.yellow("Rotate affected keys immediately."));
+      for (const e of responseDlpEntries.slice(0, 5)) {
+        const ts = import_chalk9.default.dim(fmtDate(e.ts) + "  ");
+        const pattern = import_chalk9.default.red(e.dlpPattern ?? "DLP");
+        const sample = import_chalk9.default.gray(e.dlpSample ?? "");
+        console.log(`    ${ts}${pattern}  ${sample}`);
+      }
+      if (responseDlpEntries.length > 5) {
+        console.log(import_chalk9.default.dim(`    \u2026 and ${responseDlpEntries.length - 5} more`));
+      }
+    }
     console.log("");
     console.log(
       "  " + import_chalk9.default.dim("node9 audit --deny") + import_chalk9.default.dim("  \xB7  ") + import_chalk9.default.dim("node9 report --period today|7d|30d|month  --no-tests")
@@ -11967,14 +12349,14 @@ function registerDaemonCommand(program2) {
 
 // src/cli/commands/status.ts
 var import_chalk11 = __toESM(require("chalk"));
-var import_fs28 = __toESM(require("fs"));
-var import_path30 = __toESM(require("path"));
-var import_os24 = __toESM(require("os"));
+var import_fs29 = __toESM(require("fs"));
+var import_path31 = __toESM(require("path"));
+var import_os25 = __toESM(require("os"));
 init_core();
 init_daemon();
 function readJson2(filePath) {
   try {
-    if (import_fs28.default.existsSync(filePath)) return JSON.parse(import_fs28.default.readFileSync(filePath, "utf-8"));
+    if (import_fs29.default.existsSync(filePath)) return JSON.parse(import_fs29.default.readFileSync(filePath, "utf-8"));
   } catch {
   }
   return null;
@@ -12039,28 +12421,28 @@ function registerStatusCommand(program2) {
     console.log("");
     const modeLabel = settings.mode === "audit" ? import_chalk11.default.blue("audit") : settings.mode === "strict" ? import_chalk11.default.red("strict") : import_chalk11.default.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = import_path30.default.join(process.cwd(), "node9.config.json");
-    const globalConfig = import_path30.default.join(import_os24.default.homedir(), ".node9", "config.json");
+    const projectConfig = import_path31.default.join(process.cwd(), "node9.config.json");
+    const globalConfig = import_path31.default.join(import_os25.default.homedir(), ".node9", "config.json");
     console.log(
-      `  Local:   ${import_fs28.default.existsSync(projectConfig) ? import_chalk11.default.green("Active (node9.config.json)") : import_chalk11.default.gray("Not present")}`
+      `  Local:   ${import_fs29.default.existsSync(projectConfig) ? import_chalk11.default.green("Active (node9.config.json)") : import_chalk11.default.gray("Not present")}`
     );
     console.log(
-      `  Global:  ${import_fs28.default.existsSync(globalConfig) ? import_chalk11.default.green("Active (~/.node9/config.json)") : import_chalk11.default.gray("Not present")}`
+      `  Global:  ${import_fs29.default.existsSync(globalConfig) ? import_chalk11.default.green("Active (~/.node9/config.json)") : import_chalk11.default.gray("Not present")}`
     );
     if (mergedConfig.policy.sandboxPaths.length > 0) {
       console.log(
         `  Sandbox: ${import_chalk11.default.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = import_os24.default.homedir();
+    const homeDir2 = import_os25.default.homedir();
     const claudeSettings = readJson2(
-      import_path30.default.join(homeDir2, ".claude", "settings.json")
+      import_path31.default.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(import_path30.default.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(import_path31.default.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      import_path30.default.join(homeDir2, ".gemini", "settings.json")
+      import_path31.default.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(import_path30.default.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(import_path31.default.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
@@ -12119,9 +12501,9 @@ function registerStatusCommand(program2) {
 
 // src/cli/commands/init.ts
 var import_chalk12 = __toESM(require("chalk"));
-var import_fs29 = __toESM(require("fs"));
-var import_path31 = __toESM(require("path"));
-var import_os25 = __toESM(require("os"));
+var import_fs30 = __toESM(require("fs"));
+var import_path32 = __toESM(require("path"));
+var import_os26 = __toESM(require("os"));
 var import_https3 = __toESM(require("https"));
 init_core();
 init_shields();
@@ -12182,15 +12564,15 @@ function registerInitCommand(program2) {
       }
       console.log("");
     }
-    const configPath = import_path31.default.join(import_os25.default.homedir(), ".node9", "config.json");
-    if (import_fs29.default.existsSync(configPath) && !options.force) {
+    const configPath = import_path32.default.join(import_os26.default.homedir(), ".node9", "config.json");
+    if (import_fs30.default.existsSync(configPath) && !options.force) {
       try {
-        const existing = JSON.parse(import_fs29.default.readFileSync(configPath, "utf-8"));
+        const existing = JSON.parse(import_fs30.default.readFileSync(configPath, "utf-8"));
         const settings = existing.settings ?? {};
         if (settings.mode !== chosenMode) {
           settings.mode = chosenMode;
           existing.settings = settings;
-          import_fs29.default.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+          import_fs30.default.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
           console.log(import_chalk12.default.green(`\u2705 Mode updated: ${chosenMode}`));
         } else {
           console.log(import_chalk12.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
@@ -12203,9 +12585,9 @@ function registerInitCommand(program2) {
         ...DEFAULT_CONFIG,
         settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
       };
-      const dir = import_path31.default.dirname(configPath);
-      if (!import_fs29.default.existsSync(dir)) import_fs29.default.mkdirSync(dir, { recursive: true });
-      import_fs29.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
+      const dir = import_path32.default.dirname(configPath);
+      if (!import_fs30.default.existsSync(dir)) import_fs30.default.mkdirSync(dir, { recursive: true });
+      import_fs30.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
       console.log(import_chalk12.default.green(`\u2705 Config created: ${configPath}`));
       console.log(import_chalk12.default.gray(`   Mode: ${chosenMode}`));
     }
@@ -12289,7 +12671,7 @@ function registerInitCommand(program2) {
 }
 
 // src/cli/commands/undo.ts
-var import_path32 = __toESM(require("path"));
+var import_path33 = __toESM(require("path"));
 var import_chalk14 = __toESM(require("chalk"));
 
 // src/tui/undo-navigator.ts
@@ -12448,7 +12830,7 @@ function findMatchingCwd(startDir, history) {
   let dir = startDir;
   while (true) {
     if (cwds.has(dir)) return dir;
-    const parent = import_path32.default.dirname(dir);
+    const parent = import_path33.default.dirname(dir);
     if (parent === dir) return null;
     dir = parent;
   }
@@ -12644,12 +13026,12 @@ init_orchestrator();
 init_provenance();
 
 // src/mcp-pin.ts
-var import_fs30 = __toESM(require("fs"));
-var import_path33 = __toESM(require("path"));
-var import_os26 = __toESM(require("os"));
+var import_fs31 = __toESM(require("fs"));
+var import_path34 = __toESM(require("path"));
+var import_os27 = __toESM(require("os"));
 var import_crypto10 = __toESM(require("crypto"));
 function getPinsFilePath2() {
-  return import_path33.default.join(import_os26.default.homedir(), ".node9", "mcp-pins.json");
+  return import_path34.default.join(import_os27.default.homedir(), ".node9", "mcp-pins.json");
 }
 function hashToolDefinitions(tools) {
   const sorted = [...tools].sort((a, b) => {
@@ -12666,7 +13048,7 @@ function getServerKey(upstreamCommand) {
 function readMcpPinsSafe() {
   const filePath = getPinsFilePath2();
   try {
-    const raw = import_fs30.default.readFileSync(filePath, "utf-8");
+    const raw = import_fs31.default.readFileSync(filePath, "utf-8");
     if (!raw.trim()) {
       return { ok: false, reason: "corrupt", detail: "empty file" };
     }
@@ -12690,10 +13072,10 @@ function readMcpPins() {
 }
 function writeMcpPins(data) {
   const filePath = getPinsFilePath2();
-  import_fs30.default.mkdirSync(import_path33.default.dirname(filePath), { recursive: true });
+  import_fs31.default.mkdirSync(import_path34.default.dirname(filePath), { recursive: true });
   const tmp = `${filePath}.${import_crypto10.default.randomBytes(6).toString("hex")}.tmp`;
-  import_fs30.default.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  import_fs30.default.renameSync(tmp, filePath);
+  import_fs31.default.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  import_fs31.default.renameSync(tmp, filePath);
 }
 function checkPin(serverKey, currentHash) {
   const result = readMcpPinsSafe();
@@ -13065,9 +13447,9 @@ function registerMcpGatewayCommand(program2) {
 
 // src/mcp-server/index.ts
 var import_readline4 = __toESM(require("readline"));
-var import_fs31 = __toESM(require("fs"));
-var import_os27 = __toESM(require("os"));
-var import_path34 = __toESM(require("path"));
+var import_fs32 = __toESM(require("fs"));
+var import_os28 = __toESM(require("os"));
+var import_path35 = __toESM(require("path"));
 init_core();
 init_daemon();
 init_shields();
@@ -13242,13 +13624,13 @@ function handleStatus() {
   lines.push(`Active shields: ${activeShields.length > 0 ? activeShields.join(", ") : "none"}`);
   lines.push(`Smart rules: ${config.policy.smartRules.length} loaded`);
   lines.push(`DLP: ${config.policy.dlp?.enabled !== false ? "enabled" : "disabled"}`);
-  const projectConfig = import_path34.default.join(process.cwd(), "node9.config.json");
-  const globalConfig = import_path34.default.join(import_os27.default.homedir(), ".node9", "config.json");
+  const projectConfig = import_path35.default.join(process.cwd(), "node9.config.json");
+  const globalConfig = import_path35.default.join(import_os28.default.homedir(), ".node9", "config.json");
   lines.push(
-    `Project config (node9.config.json): ${import_fs31.default.existsSync(projectConfig) ? "present" : "not found"}`
+    `Project config (node9.config.json): ${import_fs32.default.existsSync(projectConfig) ? "present" : "not found"}`
   );
   lines.push(
-    `Global config (~/.node9/config.json): ${import_fs31.default.existsSync(globalConfig) ? "present" : "not found"}`
+    `Global config (~/.node9/config.json): ${import_fs32.default.existsSync(globalConfig) ? "present" : "not found"}`
   );
   return lines.join("\n");
 }
@@ -13322,21 +13704,21 @@ function handleShieldDisable(args) {
   writeActiveShields(active.filter((s) => s !== name));
   return `Shield "${name}" disabled.`;
 }
-var GLOBAL_CONFIG_PATH2 = import_path34.default.join(import_os27.default.homedir(), ".node9", "config.json");
+var GLOBAL_CONFIG_PATH2 = import_path35.default.join(import_os28.default.homedir(), ".node9", "config.json");
 var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
 function readGlobalConfigRaw() {
   try {
-    if (import_fs31.default.existsSync(GLOBAL_CONFIG_PATH2)) {
-      return JSON.parse(import_fs31.default.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
+    if (import_fs32.default.existsSync(GLOBAL_CONFIG_PATH2)) {
+      return JSON.parse(import_fs32.default.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
     }
   } catch {
   }
   return {};
 }
 function writeGlobalConfigRaw(data) {
-  const dir = import_path34.default.dirname(GLOBAL_CONFIG_PATH2);
-  if (!import_fs31.default.existsSync(dir)) import_fs31.default.mkdirSync(dir, { recursive: true });
-  import_fs31.default.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
+  const dir = import_path35.default.dirname(GLOBAL_CONFIG_PATH2);
+  if (!import_fs32.default.existsSync(dir)) import_fs32.default.mkdirSync(dir, { recursive: true });
+  import_fs32.default.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
 }
 function handleApproverList() {
   const config = getConfig();
@@ -13379,9 +13761,9 @@ function handleApproverSet(args) {
 }
 function handleAuditGet(args) {
   const limit = Math.min(typeof args.limit === "number" ? args.limit : 20, 100);
-  const auditPath = import_path34.default.join(import_os27.default.homedir(), ".node9", "audit.log");
-  if (!import_fs31.default.existsSync(auditPath)) return "No audit log found.";
-  const lines = import_fs31.default.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
+  const auditPath = import_path35.default.join(import_os28.default.homedir(), ".node9", "audit.log");
+  if (!import_fs32.default.existsSync(auditPath)) return "No audit log found.";
+  const lines = import_fs32.default.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
   const recent = lines.slice(-limit);
   const entries = recent.map((line) => {
     try {
@@ -13839,9 +14221,9 @@ function registerAgentsCommand(program2) {
 
 // src/cli/commands/scan.ts
 var import_chalk21 = __toESM(require("chalk"));
-var import_fs32 = __toESM(require("fs"));
-var import_path35 = __toESM(require("path"));
-var import_os28 = __toESM(require("os"));
+var import_fs33 = __toESM(require("fs"));
+var import_path36 = __toESM(require("path"));
+var import_os29 = __toESM(require("os"));
 init_shields();
 init_config();
 init_policy();
@@ -13913,7 +14295,7 @@ function buildRuleSources() {
   return sources;
 }
 function scanClaudeHistory(startDate) {
-  const projectsDir = import_path35.default.join(import_os28.default.homedir(), ".claude", "projects");
+  const projectsDir = import_path36.default.join(import_os29.default.homedir(), ".claude", "projects");
   const result = {
     filesScanned: 0,
     sessions: 0,
@@ -13925,25 +14307,25 @@ function scanClaudeHistory(startDate) {
     firstDate: null,
     lastDate: null
   };
-  if (!import_fs32.default.existsSync(projectsDir)) return result;
+  if (!import_fs33.default.existsSync(projectsDir)) return result;
   let projDirs;
   try {
-    projDirs = import_fs32.default.readdirSync(projectsDir);
+    projDirs = import_fs33.default.readdirSync(projectsDir);
   } catch {
     return result;
   }
   const ruleSources = buildRuleSources();
   for (const proj of projDirs) {
-    const projPath = import_path35.default.join(projectsDir, proj);
+    const projPath = import_path36.default.join(projectsDir, proj);
     try {
-      if (!import_fs32.default.statSync(projPath).isDirectory()) continue;
+      if (!import_fs33.default.statSync(projPath).isDirectory()) continue;
     } catch {
       continue;
     }
-    const projLabel = decodeURIComponent(proj).replace(import_os28.default.homedir(), "~").slice(0, 40);
+    const projLabel = decodeURIComponent(proj).replace(import_os29.default.homedir(), "~").slice(0, 40);
     let files;
     try {
-      files = import_fs32.default.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+      files = import_fs33.default.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
     } catch {
       continue;
     }
@@ -13952,7 +14334,7 @@ function scanClaudeHistory(startDate) {
       result.sessions++;
       let raw;
       try {
-        raw = import_fs32.default.readFileSync(import_path35.default.join(projPath, file), "utf-8");
+        raw = import_fs33.default.readFileSync(import_path36.default.join(projPath, file), "utf-8");
       } catch {
         continue;
       }
@@ -13993,6 +14375,9 @@ function scanClaudeHistory(startDate) {
           if (toolNameLower === "bash" || toolNameLower === "execute_bash") {
             result.bashCalls++;
           }
+          const rawCmd = String(input.command ?? "").trimStart();
+          if (/^node9\s+(scan|explain|report|tail|dlp|status|sessions|audit)\b/.test(rawCmd))
+            continue;
           const dlpMatch = scanArgs(input);
           if (dlpMatch) {
             const isDupe = result.dlpFindings.some(
@@ -14010,6 +14395,7 @@ function scanClaudeHistory(startDate) {
           }
           for (const source of ruleSources) {
             const { rule } = source;
+            if (rule.verdict === "allow") continue;
             if (rule.tool && !matchesPattern(toolNameLower, rule.tool)) continue;
             if (!evaluateSmartConditions(input, rule)) continue;
             const inputPreview = preview(input, 120);
@@ -14045,8 +14431,8 @@ function registerScanCommand(program2) {
     console.log("");
     console.log(import_chalk21.default.cyan.bold("\u{1F50D}  node9 scan") + import_chalk21.default.dim("  \u2014 what would node9 catch?"));
     console.log("");
-    const projectsDir = import_path35.default.join(import_os28.default.homedir(), ".claude", "projects");
-    if (!import_fs32.default.existsSync(projectsDir)) {
+    const projectsDir = import_path36.default.join(import_os29.default.homedir(), ".claude", "projects");
+    if (!import_fs33.default.existsSync(projectsDir)) {
       console.log(import_chalk21.default.yellow("  No Claude history found at ~/.claude/projects/"));
       console.log(import_chalk21.default.gray("  Install Claude Code, run a few sessions, then try again.\n"));
       return;
@@ -14158,8 +14544,8 @@ function registerScanCommand(program2) {
       );
       console.log("");
     }
-    const auditLog = import_path35.default.join(import_os28.default.homedir(), ".node9", "audit.log");
-    if (import_fs32.default.existsSync(auditLog)) {
+    const auditLog = import_path36.default.join(import_os29.default.homedir(), ".node9", "audit.log");
+    if (import_fs33.default.existsSync(auditLog)) {
       console.log(import_chalk21.default.green("  \u2705 node9 is active \u2014 future sessions are protected."));
       console.log(
         import_chalk21.default.dim("  Run ") + import_chalk21.default.cyan("node9 report") + import_chalk21.default.dim(" to see live stats.")
@@ -14176,9 +14562,9 @@ function registerScanCommand(program2) {
 
 // src/cli/commands/sessions.ts
 var import_chalk22 = __toESM(require("chalk"));
-var import_fs33 = __toESM(require("fs"));
-var import_path36 = __toESM(require("path"));
-var import_os29 = __toESM(require("os"));
+var import_fs34 = __toESM(require("fs"));
+var import_path37 = __toESM(require("path"));
+var import_os30 = __toESM(require("os"));
 var CLAUDE_PRICING3 = {
   "claude-opus-4-6": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
   "claude-opus-4-5": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
@@ -14203,10 +14589,10 @@ function encodeProjectPath(projectPath) {
 }
 function sessionJsonlPath(projectPath, sessionId) {
   const encoded = encodeProjectPath(projectPath);
-  return import_path36.default.join(import_os29.default.homedir(), ".claude", "projects", encoded, `${sessionId}.jsonl`);
+  return import_path37.default.join(import_os30.default.homedir(), ".claude", "projects", encoded, `${sessionId}.jsonl`);
 }
 function projectLabel(projectPath) {
-  return projectPath.replace(import_os29.default.homedir(), "~");
+  return projectPath.replace(import_os30.default.homedir(), "~");
 }
 function parseHistoryLines(lines) {
   const entries = [];
@@ -14275,10 +14661,10 @@ function parseSessionLines(lines) {
   return { toolCalls, costUSD, hasSnapshot, modifiedFiles };
 }
 function loadAuditEntries(auditPath) {
-  const aPath = auditPath ?? import_path36.default.join(import_os29.default.homedir(), ".node9", "audit.log");
+  const aPath = auditPath ?? import_path37.default.join(import_os30.default.homedir(), ".node9", "audit.log");
   let raw;
   try {
-    raw = import_fs33.default.readFileSync(aPath, "utf-8");
+    raw = import_fs34.default.readFileSync(aPath, "utf-8");
   } catch {
     return [];
   }
@@ -14314,10 +14700,10 @@ function auditEntriesInWindow(entries, windowStart, windowEnd) {
   return result;
 }
 function buildSessions(days, historyPath) {
-  const hPath = historyPath ?? import_path36.default.join(import_os29.default.homedir(), ".claude", "history.jsonl");
+  const hPath = historyPath ?? import_path37.default.join(import_os30.default.homedir(), ".claude", "history.jsonl");
   let historyRaw;
   try {
-    historyRaw = import_fs33.default.readFileSync(hPath, "utf-8");
+    historyRaw = import_fs34.default.readFileSync(hPath, "utf-8");
   } catch {
     return [];
   }
@@ -14342,7 +14728,7 @@ function buildSessions(days, historyPath) {
     const jsonlFile = sessionJsonlPath(entry.project, entry.sessionId);
     let sessionLines = [];
     try {
-      sessionLines = import_fs33.default.readFileSync(jsonlFile, "utf-8").split("\n");
+      sessionLines = import_fs34.default.readFileSync(jsonlFile, "utf-8").split("\n");
     } catch {
     }
     const { toolCalls, costUSD, hasSnapshot, modifiedFiles } = parseSessionLines(sessionLines);
@@ -14593,8 +14979,8 @@ function registerSessionsCommand(program2) {
     console.log("");
     console.log(import_chalk22.default.cyan.bold("\u{1F4CB}  node9 sessions") + import_chalk22.default.dim("  \u2014 what your AI agent did"));
     console.log("");
-    const historyPath = import_path36.default.join(import_os29.default.homedir(), ".claude", "history.jsonl");
-    if (!import_fs33.default.existsSync(historyPath)) {
+    const historyPath = import_path37.default.join(import_os30.default.homedir(), ".claude", "history.jsonl");
+    if (!import_fs34.default.existsSync(historyPath)) {
       console.log(import_chalk22.default.yellow("  No Claude session history found at ~/.claude/history.jsonl"));
       console.log(import_chalk22.default.gray("  Install Claude Code, run a few sessions, then try again.\n"));
       return;
@@ -14626,12 +15012,12 @@ function registerSessionsCommand(program2) {
 
 // src/cli/commands/skill-pin.ts
 var import_chalk23 = __toESM(require("chalk"));
-var import_fs34 = __toESM(require("fs"));
-var import_os30 = __toESM(require("os"));
-var import_path37 = __toESM(require("path"));
+var import_fs35 = __toESM(require("fs"));
+var import_os31 = __toESM(require("os"));
+var import_path38 = __toESM(require("path"));
 function wipeSkillSessions() {
   try {
-    import_fs34.default.rmSync(import_path37.default.join(import_os30.default.homedir(), ".node9", "skill-sessions"), {
+    import_fs35.default.rmSync(import_path38.default.join(import_os31.default.homedir(), ".node9", "skill-sessions"), {
       recursive: true,
       force: true
     });
@@ -14712,22 +15098,145 @@ function registerSkillPinCommand(program2) {
   });
 }
 
+// src/cli/commands/dlp.ts
+var import_chalk24 = __toESM(require("chalk"));
+var import_fs36 = __toESM(require("fs"));
+var import_path39 = __toESM(require("path"));
+var import_os32 = __toESM(require("os"));
+var AUDIT_LOG = import_path39.default.join(import_os32.default.homedir(), ".node9", "audit.log");
+var RESOLVED_FILE = import_path39.default.join(import_os32.default.homedir(), ".node9", "dlp-resolved.json");
+var ANSI_RE = /\x1b(?:\[[0-9;?]*[a-zA-Z]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-_])/g;
+function stripAnsi(s) {
+  return s.replace(ANSI_RE, "");
+}
+function loadResolved() {
+  try {
+    const raw = JSON.parse(import_fs36.default.readFileSync(RESOLVED_FILE, "utf-8"));
+    return new Set(raw);
+  } catch {
+    return /* @__PURE__ */ new Set();
+  }
+}
+function saveResolved(resolved) {
+  try {
+    import_fs36.default.writeFileSync(RESOLVED_FILE, JSON.stringify([...resolved], null, 2), { mode: 384 });
+  } catch {
+  }
+}
+function loadDlpFindings() {
+  if (!import_fs36.default.existsSync(AUDIT_LOG)) return [];
+  return import_fs36.default.readFileSync(AUDIT_LOG, "utf-8").split("\n").flatMap((line) => {
+    if (!line.trim()) return [];
+    try {
+      const e = JSON.parse(line);
+      return e.source === "response-dlp" ? [e] : [];
+    } catch {
+      return [];
+    }
+  });
+}
+function entryKey(e) {
+  return `${e.ts}:${e.dlpPattern}:${e.dlpSample}`;
+}
+function fmtDate3(ts) {
+  try {
+    return new Date(ts).toLocaleDateString("en-US", {
+      month: "short",
+      day: "numeric",
+      year: "numeric"
+    });
+  } catch {
+    return ts.slice(0, 10);
+  }
+}
+function registerDlpCommand(program2) {
+  const cmd = program2.command("dlp").description("Show secrets detected in Claude response text and mark them resolved");
+  cmd.command("resolve").description("Mark all current DLP findings as resolved").action(() => {
+    const findings = loadDlpFindings();
+    if (findings.length === 0) {
+      console.log(import_chalk24.default.green("\n  \u2705 No response-DLP findings to resolve.\n"));
+      return;
+    }
+    const resolved = loadResolved();
+    for (const e of findings) resolved.add(entryKey(e));
+    saveResolved(resolved);
+    console.log(
+      import_chalk24.default.green(
+        `
+  \u2705 ${findings.length} finding${findings.length !== 1 ? "s" : ""} marked as resolved.
+`
+      )
+    );
+  });
+  cmd.action(() => {
+    const findings = loadDlpFindings();
+    const resolved = loadResolved();
+    const open = findings.filter((e) => !resolved.has(entryKey(e)));
+    const resolvedCount = findings.length - open.length;
+    console.log("");
+    console.log(
+      import_chalk24.default.bold.cyan("\u{1F510}  node9 dlp") + import_chalk24.default.dim("  \u2014 secrets found in Claude response text")
+    );
+    console.log("");
+    if (open.length === 0) {
+      if (resolvedCount > 0) {
+        console.log(import_chalk24.default.green(`  \u2705 No open findings  \xB7  ${resolvedCount} previously resolved`));
+      } else {
+        console.log(
+          import_chalk24.default.green("  \u2705 No findings \u2014 Claude has not leaked secrets in response text")
+        );
+      }
+      console.log("");
+      return;
+    }
+    console.log(
+      import_chalk24.default.bgRed.white.bold(` \u26A0\uFE0F  ${open.length} open finding${open.length !== 1 ? "s" : ""} `) + import_chalk24.default.dim(resolvedCount > 0 ? `  (${resolvedCount} resolved)` : "")
+    );
+    console.log("");
+    console.log(
+      import_chalk24.default.dim("  These secrets were included in Claude's response text \u2014 NOT blocked.")
+    );
+    console.log(import_chalk24.default.dim("  Rotate each affected key immediately.\n"));
+    for (const e of open) {
+      console.log(
+        "  " + import_chalk24.default.red("\u25CF") + "  " + import_chalk24.default.white(e.dlpPattern ?? "Secret") + import_chalk24.default.dim("  " + fmtDate3(e.ts))
+      );
+      if (e.dlpSample) {
+        console.log("     " + import_chalk24.default.dim("Sample: ") + import_chalk24.default.yellow(stripAnsi(e.dlpSample)));
+      }
+      if (e.project) {
+        console.log("     " + import_chalk24.default.dim("Project: ") + import_chalk24.default.dim(stripAnsi(e.project)));
+      }
+      console.log("");
+    }
+    console.log("  " + import_chalk24.default.bold("Next steps:"));
+    console.log("  " + import_chalk24.default.cyan("1.") + " Rotate any exposed keys shown above");
+    console.log(
+      "  " + import_chalk24.default.cyan("2.") + " Run " + import_chalk24.default.white("node9 dlp resolve") + " to acknowledge"
+    );
+    console.log(
+      "  " + import_chalk24.default.cyan("3.") + " Run " + import_chalk24.default.white("node9 report") + " for full audit history"
+    );
+    console.log("");
+  });
+}
+
 // src/cli.ts
 var { version } = JSON.parse(
-  import_fs37.default.readFileSync(import_path40.default.join(__dirname, "../package.json"), "utf-8")
+  import_fs39.default.readFileSync(import_path42.default.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new import_commander.Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL2 = "https://api.node9.ai/api/v1/intercept";
-  const credPath = import_path40.default.join(import_os33.default.homedir(), ".node9", "credentials.json");
-  if (!import_fs37.default.existsSync(import_path40.default.dirname(credPath)))
-    import_fs37.default.mkdirSync(import_path40.default.dirname(credPath), { recursive: true });
+  const credPath = import_path42.default.join(import_os35.default.homedir(), ".node9", "credentials.json");
+  if (!import_fs39.default.existsSync(import_path42.default.dirname(credPath)))
+    import_fs39.default.mkdirSync(import_path42.default.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (import_fs37.default.existsSync(credPath)) {
-      const raw = JSON.parse(import_fs37.default.readFileSync(credPath, "utf-8"));
+    if (import_fs39.default.existsSync(credPath)) {
+      const raw = JSON.parse(import_fs39.default.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL2 }
@@ -14739,13 +15248,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL2 };
-  import_fs37.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  import_fs39.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = import_path40.default.join(import_os33.default.homedir(), ".node9", "config.json");
+    const configPath = import_path42.default.join(import_os35.default.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (import_fs37.default.existsSync(configPath))
-        config = JSON.parse(import_fs37.default.readFileSync(configPath, "utf-8"));
+      if (import_fs39.default.existsSync(configPath))
+        config = JSON.parse(import_fs39.default.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -14760,47 +15269,61 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!import_fs37.default.existsSync(import_path40.default.dirname(configPath)))
-      import_fs37.default.mkdirSync(import_path40.default.dirname(configPath), { recursive: true });
-    import_fs37.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!import_fs39.default.existsSync(import_path42.default.dirname(configPath)))
+      import_fs39.default.mkdirSync(import_path42.default.dirname(configPath), { recursive: true });
+    import_fs39.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
-    console.log(import_chalk25.default.green(`\u2705 Profile "${profileName}" saved`));
-    console.log(import_chalk25.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
+    console.log(import_chalk26.default.green(`\u2705 Profile "${profileName}" saved`));
+    console.log(import_chalk26.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
   } else if (options.local) {
-    console.log(import_chalk25.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
-    console.log(import_chalk25.default.gray(`   All decisions stay on this machine.`));
+    console.log(import_chalk26.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
+    console.log(import_chalk26.default.gray(`   All decisions stay on this machine.`));
   } else {
-    console.log(import_chalk25.default.green(`\u2705 Logged in \u2014 agent mode`));
-    console.log(import_chalk25.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
+    console.log(import_chalk26.default.green(`\u2705 Logged in \u2014 agent mode`));
+    console.log(import_chalk26.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
-program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  windsurf  vscode  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | windsurf | vscode | hud").action(async (target) => {
+program.command("addto").description("Integrate Node9 with an AI agent").addHelpText(
+  "after",
+  "\n  Supported targets:  claude  gemini  cursor  codex  windsurf  vscode  hud"
+).argument(
+  "<target>",
+  "The agent to protect: claude | gemini | cursor | codex | windsurf | vscode | hud"
+).action(async (target) => {
   if (target === "gemini") return await setupGemini();
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
+  if (target === "codex") return await setupCodex();
   if (target === "windsurf") return await setupWindsurf();
   if (target === "vscode") return await setupVSCode();
   if (target === "hud") return setupHud();
   console.error(
-    import_chalk25.default.red(
-      `Unknown target: "${target}". Supported: claude, gemini, cursor, windsurf, vscode, hud`
+    import_chalk26.default.red(
+      `Unknown target: "${target}". Supported: claude, gemini, cursor, codex, windsurf, vscode, hud`
     )
   );
   process.exit(1);
 });
-program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  windsurf  vscode  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | windsurf | vscode | hud").action(async (target) => {
+program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText(
+  "after",
+  "\n  Supported targets:  claude  gemini  cursor  codex  windsurf  vscode  hud"
+).argument(
+  "[target]",
+  "The agent to protect: claude | gemini | cursor | codex | windsurf | vscode | hud"
+).action(async (target) => {
   if (!target) {
-    console.log(import_chalk25.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
-    console.log("  Usage:  " + import_chalk25.default.white("node9 setup <target>") + "\n");
+    console.log(import_chalk26.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
+    console.log("  Usage:  " + import_chalk26.default.white("node9 setup <target>") + "\n");
     console.log("  Targets:");
-    console.log("    " + import_chalk25.default.green("claude") + "    \u2014 Claude Code (hook mode)");
-    console.log("    " + import_chalk25.default.green("gemini") + "    \u2014 Gemini CLI (hook mode)");
-    console.log("    " + import_chalk25.default.green("cursor") + "    \u2014 Cursor (MCP proxy)");
-    console.log("    " + import_chalk25.default.green("windsurf") + "  \u2014 Windsurf (MCP proxy)");
-    console.log("    " + import_chalk25.default.green("vscode") + "    \u2014 VSCode / Copilot (MCP proxy)");
+    console.log("    " + import_chalk26.default.green("claude") + "    \u2014 Claude Code (hook mode)");
+    console.log("    " + import_chalk26.default.green("gemini") + "    \u2014 Gemini CLI (hook mode)");
+    console.log("    " + import_chalk26.default.green("cursor") + "    \u2014 Cursor (MCP proxy)");
+    console.log("    " + import_chalk26.default.green("codex") + "     \u2014 OpenAI Codex CLI (MCP proxy)");
+    console.log("    " + import_chalk26.default.green("windsurf") + "  \u2014 Windsurf (MCP proxy)");
+    console.log("    " + import_chalk26.default.green("vscode") + "    \u2014 VSCode / Copilot (MCP proxy)");
     process.stdout.write(
-      "    " + import_chalk25.default.green("hud") + "       \u2014 Claude Code security statusline\n"
+      "    " + import_chalk26.default.green("hud") + "       \u2014 Claude Code security statusline\n"
     );
     console.log("");
     return;
@@ -14809,61 +15332,67 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "gemini") return await setupGemini();
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
+  if (t === "codex") return await setupCodex();
   if (t === "windsurf") return await setupWindsurf();
   if (t === "vscode") return await setupVSCode();
   if (t === "hud") return setupHud();
   console.error(
-    import_chalk25.default.red(
-      `Unknown target: "${target}". Supported: claude, gemini, cursor, windsurf, vscode, hud`
+    import_chalk26.default.red(
+      `Unknown target: "${target}". Supported: claude, gemini, cursor, codex, windsurf, vscode, hud`
     )
   );
   process.exit(1);
 });
-program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  windsurf  vscode  hud").argument(
+program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText(
+  "after",
+  "\n  Supported targets:  claude  gemini  cursor  codex  windsurf  vscode  hud"
+).argument(
   "<target>",
-  "The agent to remove from: claude | gemini | cursor | windsurf | vscode | hud"
+  "The agent to remove from: claude | gemini | cursor | codex | windsurf | vscode | hud"
 ).action((target) => {
   let fn;
   if (target === "claude") fn = teardownClaude;
   else if (target === "gemini") fn = teardownGemini;
   else if (target === "cursor") fn = teardownCursor;
+  else if (target === "codex") fn = teardownCodex;
   else if (target === "windsurf") fn = teardownWindsurf;
   else if (target === "vscode") fn = teardownVSCode;
   else if (target === "hud") fn = teardownHud;
   else {
     console.error(
-      import_chalk25.default.red(
-        `Unknown target: "${target}". Supported: claude, gemini, cursor, windsurf, vscode, hud`
+      import_chalk26.default.red(
+        `Unknown target: "${target}". Supported: claude, gemini, cursor, codex, windsurf, vscode, hud`
       )
     );
     process.exit(1);
   }
-  console.log(import_chalk25.default.cyan(`
+  console.log(import_chalk26.default.cyan(`
 \u{1F6E1}\uFE0F  Node9: removing hooks from ${target}...
 `));
   try {
     fn();
   } catch (err2) {
-    console.error(import_chalk25.default.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(import_chalk26.default.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
-  console.log(import_chalk25.default.gray("\n  Restart the agent for changes to take effect."));
+  console.log(import_chalk26.default.gray("\n  Restart the agent for changes to take effect."));
 });
 program.command("uninstall").description("Remove all Node9 hooks and optionally delete config files").option("--purge", "Also delete ~/.node9/ directory (config, audit log, credentials)").action(async (options) => {
-  console.log(import_chalk25.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
-  console.log(import_chalk25.default.bold("Stopping daemon..."));
+  console.log(import_chalk26.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
+  console.log(import_chalk26.default.bold("Stopping daemon..."));
   try {
     stopDaemon();
-    console.log(import_chalk25.default.green("  \u2705 Daemon stopped"));
+    console.log(import_chalk26.default.green("  \u2705 Daemon stopped"));
   } catch {
-    console.log(import_chalk25.default.blue("  \u2139\uFE0F  Daemon was not running"));
+    console.log(import_chalk26.default.blue("  \u2139\uFE0F  Daemon was not running"));
   }
-  console.log(import_chalk25.default.bold("\nRemoving hooks..."));
+  console.log(import_chalk26.default.bold("\nRemoving hooks..."));
   let teardownFailed = false;
   for (const [label, fn] of [
     ["Claude", teardownClaude],
     ["Gemini", teardownGemini],
     ["Cursor", teardownCursor],
+    ["Codex", teardownCodex],
     ["Windsurf", teardownWindsurf],
     ["VSCode", teardownVSCode]
   ]) {
@@ -14872,45 +15401,45 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     } catch (err2) {
       teardownFailed = true;
       console.error(
-        import_chalk25.default.red(
+        import_chalk26.default.red(
           `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err2 instanceof Error ? err2.message : String(err2)}`
         )
       );
     }
   }
   if (options.purge) {
-    const node9Dir = import_path40.default.join(import_os33.default.homedir(), ".node9");
-    if (import_fs37.default.existsSync(node9Dir)) {
+    const node9Dir = import_path42.default.join(import_os35.default.homedir(), ".node9");
+    if (import_fs39.default.existsSync(node9Dir)) {
       const confirmed = await (0, import_prompts2.confirm)({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        import_fs37.default.rmSync(node9Dir, { recursive: true });
-        if (import_fs37.default.existsSync(node9Dir)) {
+        import_fs39.default.rmSync(node9Dir, { recursive: true });
+        if (import_fs39.default.existsSync(node9Dir)) {
           console.error(
-            import_chalk25.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
+            import_chalk26.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
         } else {
-          console.log(import_chalk25.default.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
+          console.log(import_chalk26.default.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
         }
       } else {
-        console.log(import_chalk25.default.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
+        console.log(import_chalk26.default.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
       }
     } else {
-      console.log(import_chalk25.default.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
+      console.log(import_chalk26.default.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
     }
   } else {
     console.log(
-      import_chalk25.default.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
+      import_chalk26.default.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
     );
   }
   if (teardownFailed) {
-    console.error(import_chalk25.default.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
+    console.error(import_chalk26.default.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
     process.exit(1);
   }
-  console.log(import_chalk25.default.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
-  console.log(import_chalk25.default.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
+  console.log(import_chalk26.default.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
+  console.log(import_chalk26.default.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
 });
 registerDoctorCommand(program, version);
 program.command("explain").description(
@@ -14923,7 +15452,7 @@ program.command("explain").description(
       try {
         args = JSON.parse(trimmed);
       } catch {
-        console.error(import_chalk25.default.red(`
+        console.error(import_chalk26.default.red(`
 \u274C Invalid JSON: ${trimmed}
 `));
         process.exit(1);
@@ -14934,54 +15463,54 @@ program.command("explain").description(
   }
   const result = await explainPolicy(tool, args);
   console.log("");
-  console.log(import_chalk25.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
+  console.log(import_chalk26.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
   console.log("");
-  console.log(`   ${import_chalk25.default.bold("Tool:")}    ${import_chalk25.default.white(result.tool)}`);
+  console.log(`   ${import_chalk26.default.bold("Tool:")}    ${import_chalk26.default.white(result.tool)}`);
   if (argsRaw) {
     const preview2 = argsRaw.length > 80 ? argsRaw.slice(0, 77) + "\u2026" : argsRaw;
-    console.log(`   ${import_chalk25.default.bold("Input:")}   ${import_chalk25.default.gray(preview2)}`);
+    console.log(`   ${import_chalk26.default.bold("Input:")}   ${import_chalk26.default.gray(preview2)}`);
   }
   console.log("");
-  console.log(import_chalk25.default.bold("Config Sources (Waterfall):"));
+  console.log(import_chalk26.default.bold("Config Sources (Waterfall):"));
   for (const tier of result.waterfall) {
-    const num3 = import_chalk25.default.gray(`  ${tier.tier}.`);
+    const num3 = import_chalk26.default.gray(`  ${tier.tier}.`);
     const label = tier.label.padEnd(16);
     let statusStr;
     if (tier.tier === 1) {
-      statusStr = import_chalk25.default.gray(tier.note ?? "");
+      statusStr = import_chalk26.default.gray(tier.note ?? "");
     } else if (tier.status === "active") {
-      const loc = tier.path ? import_chalk25.default.gray(tier.path) : "";
-      const note = tier.note ? import_chalk25.default.gray(`(${tier.note})`) : "";
-      statusStr = import_chalk25.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
+      const loc = tier.path ? import_chalk26.default.gray(tier.path) : "";
+      const note = tier.note ? import_chalk26.default.gray(`(${tier.note})`) : "";
+      statusStr = import_chalk26.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
     } else {
-      statusStr = import_chalk25.default.gray("\u25CB " + (tier.note ?? "not found"));
+      statusStr = import_chalk26.default.gray("\u25CB " + (tier.note ?? "not found"));
     }
-    console.log(`${num3} ${import_chalk25.default.white(label)} ${statusStr}`);
+    console.log(`${num3} ${import_chalk26.default.white(label)} ${statusStr}`);
   }
   console.log("");
-  console.log(import_chalk25.default.bold("Policy Evaluation:"));
+  console.log(import_chalk26.default.bold("Policy Evaluation:"));
   for (const step of result.steps) {
     const isFinal = step.isFinal;
     let icon;
-    if (step.outcome === "allow") icon = import_chalk25.default.green("  \u2705");
-    else if (step.outcome === "review") icon = import_chalk25.default.red("  \u{1F534}");
-    else if (step.outcome === "skip") icon = import_chalk25.default.gray("  \u2500 ");
-    else icon = import_chalk25.default.gray("  \u25CB ");
+    if (step.outcome === "allow") icon = import_chalk26.default.green("  \u2705");
+    else if (step.outcome === "review") icon = import_chalk26.default.red("  \u{1F534}");
+    else if (step.outcome === "skip") icon = import_chalk26.default.gray("  \u2500 ");
+    else icon = import_chalk26.default.gray("  \u25CB ");
     const name = step.name.padEnd(18);
-    const nameStr = isFinal ? import_chalk25.default.white.bold(name) : import_chalk25.default.white(name);
-    const detail = isFinal ? import_chalk25.default.white(step.detail) : import_chalk25.default.gray(step.detail);
-    const arrow = isFinal ? import_chalk25.default.yellow("  \u2190 STOP") : "";
+    const nameStr = isFinal ? import_chalk26.default.white.bold(name) : import_chalk26.default.white(name);
+    const detail = isFinal ? import_chalk26.default.white(step.detail) : import_chalk26.default.gray(step.detail);
+    const arrow = isFinal ? import_chalk26.default.yellow("  \u2190 STOP") : "";
     console.log(`${icon} ${nameStr} ${detail}${arrow}`);
   }
   console.log("");
   if (result.decision === "allow") {
-    console.log(import_chalk25.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk25.default.gray("  \u2014 no approval needed"));
+    console.log(import_chalk26.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk26.default.gray("  \u2014 no approval needed"));
   } else {
     console.log(
-      import_chalk25.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk25.default.gray("  \u2014 human approval required")
+      import_chalk26.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk26.default.gray("  \u2014 human approval required")
     );
     if (result.blockedByLabel) {
-      console.log(import_chalk25.default.gray(`  Reason:   ${result.blockedByLabel}`));
+      console.log(import_chalk26.default.gray(`  Reason:   ${result.blockedByLabel}`));
     }
   }
   console.log("");
@@ -14996,7 +15525,7 @@ program.command("tail").description("Stream live agent activity to the terminal"
   try {
     await startTail2(options);
   } catch (err2) {
-    console.error(import_chalk25.default.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(import_chalk26.default.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
 });
@@ -15029,14 +15558,14 @@ Claude Code spawns this command every ~300ms and writes a JSON payload to stdin.
 Run "node9 addto claude" to register it as the statusLine.`
 ).argument("[subcommand]", 'Optional: "debug on" / "debug off" to toggle stdin logging').argument("[state]", 'on|off \u2014 used with "debug" subcommand').action(async (subcommand, state) => {
   if (subcommand === "debug") {
-    const flagFile = import_path40.default.join(import_os33.default.homedir(), ".node9", "hud-debug");
+    const flagFile = import_path42.default.join(import_os35.default.homedir(), ".node9", "hud-debug");
     if (state === "on") {
-      import_fs37.default.mkdirSync(import_path40.default.dirname(flagFile), { recursive: true });
-      import_fs37.default.writeFileSync(flagFile, "");
+      import_fs39.default.mkdirSync(import_path42.default.dirname(flagFile), { recursive: true });
+      import_fs39.default.writeFileSync(flagFile, "");
       console.log("HUD debug logging enabled \u2192 ~/.node9/hud-debug.log");
       console.log("Tail it with: tail -f ~/.node9/hud-debug.log");
     } else if (state === "off") {
-      if (import_fs37.default.existsSync(flagFile)) import_fs37.default.unlinkSync(flagFile);
+      if (import_fs39.default.existsSync(flagFile)) import_fs39.default.unlinkSync(flagFile);
       console.log("HUD debug logging disabled.");
     } else {
       console.error("Usage: node9 hud debug on|off");
@@ -15051,7 +15580,7 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   const ms = parseDuration(options.duration);
   if (ms === null) {
     console.error(
-      import_chalk25.default.red(`
+      import_chalk26.default.red(`
 \u274C  Invalid duration: "${options.duration}". Use format like 15m, 1h, 30s.
 `)
     );
@@ -15059,20 +15588,20 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   }
   pauseNode9(ms, options.duration);
   const expiresAt = new Date(Date.now() + ms).toLocaleTimeString();
-  console.log(import_chalk25.default.yellow(`
+  console.log(import_chalk26.default.yellow(`
 \u23F8  Node9 paused until ${expiresAt}`));
-  console.log(import_chalk25.default.gray(`   All tool calls will be allowed without review.`));
-  console.log(import_chalk25.default.gray(`   Run "node9 resume" to re-enable early.
+  console.log(import_chalk26.default.gray(`   All tool calls will be allowed without review.`));
+  console.log(import_chalk26.default.gray(`   Run "node9 resume" to re-enable early.
 `));
 });
 program.command("resume").description("Re-enable Node9 protection immediately").action(() => {
   const { paused } = checkPause();
   if (!paused) {
-    console.log(import_chalk25.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
+    console.log(import_chalk26.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
     return;
   }
   resumeNode9();
-  console.log(import_chalk25.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
+  console.log(import_chalk26.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
 });
 var HOOK_BASED_AGENTS = {
   claude: "claude",
@@ -15085,15 +15614,15 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     if (HOOK_BASED_AGENTS[firstArg2] !== void 0) {
       const target = HOOK_BASED_AGENTS[firstArg2];
       console.error(
-        import_chalk25.default.yellow(`
+        import_chalk26.default.yellow(`
 \u26A0\uFE0F  Node9 proxy mode does not support "${target}" directly.`)
       );
-      console.error(import_chalk25.default.white(`
+      console.error(import_chalk26.default.white(`
    "${target}" uses its own hook system. Use:`));
       console.error(
-        import_chalk25.default.green(`     node9 addto ${target}   `) + import_chalk25.default.gray("# one-time setup")
+        import_chalk26.default.green(`     node9 addto ${target}   `) + import_chalk26.default.gray("# one-time setup")
       );
-      console.error(import_chalk25.default.green(`     ${target}              `) + import_chalk25.default.gray("# run normally"));
+      console.error(import_chalk26.default.green(`     ${target}              `) + import_chalk26.default.gray("# run normally"));
       process.exit(1);
     }
     const runArgs = firstArg2 === "shell" ? commandArgs.slice(1) : commandArgs;
@@ -15110,7 +15639,7 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
       }
     );
     if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && getConfig().settings.autoStartDaemon) {
-      console.error(import_chalk25.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
+      console.error(import_chalk26.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
       const daemonReady = await autoStartDaemonAndWait();
       if (daemonReady) result = await authorizeHeadless("shell", { command: fullCommand });
     }
@@ -15123,12 +15652,12 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     }
     if (!result.approved) {
       console.error(
-        import_chalk25.default.red(`
+        import_chalk26.default.red(`
 \u274C Node9 Blocked: ${result.reason || "Dangerous command detected."}`)
       );
       process.exit(1);
     }
-    console.error(import_chalk25.default.green("\n\u2705 Approved \u2014 running command...\n"));
+    console.error(import_chalk26.default.green("\n\u2705 Approved \u2014 running command...\n"));
     await runProxy(fullCommand);
   } else {
     program.help();
@@ -15142,14 +15671,15 @@ registerSyncCommand(program);
 registerAgentsCommand(program);
 registerScanCommand(program);
 registerSessionsCommand(program);
+registerDlpCommand(program);
 if (process.argv[2] !== "daemon") {
   process.on("unhandledRejection", (reason) => {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = import_path40.default.join(import_os33.default.homedir(), ".node9", "hook-debug.log");
+        const logPath = import_path42.default.join(import_os35.default.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        import_fs37.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        import_fs39.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);